Windows Analysis Report
YHcZGpLBUw.exe

Overview

General Information

Sample name: YHcZGpLBUw.exe
renamed because original name is a hash value
Original sample name: d028e3b4d6ebc62c3c23bdb8d7e09f1dc85acda7547f9dea476ea8e3023e81f2.exe
Analysis ID: 1410997
MD5: 0cb08733be50d8a3c7685beb4aa1a65e
SHA1: 0baa67453d45c82ebcae84d57124b2bd237795d6
SHA256: d028e3b4d6ebc62c3c23bdb8d7e09f1dc85acda7547f9dea476ea8e3023e81f2
Tags: exe

Detection

FormBook
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
One or more processes crash
PE file does not import any functions
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection

Source: YHcZGpLBUw.exe Avira: detected
Source: YHcZGpLBUw.exe ReversingLabs: Detection: 55%
Source: Yara match File source: 0.2.YHcZGpLBUw.exe.210000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: YHcZGpLBUw.exe Joe Sandbox ML: detected
Source: YHcZGpLBUw.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: YHcZGpLBUw.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: YHcZGpLBUw.exe, 00000000.00000003.1713007738.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000003.1710961964.0000000001447000.00000004.00000020.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000002.1801310756.000000000193E000.00000040.00001000.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: YHcZGpLBUw.exe, YHcZGpLBUw.exe, 00000000.00000003.1713007738.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000003.1710961964.0000000001447000.00000004.00000020.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000002.1801310756.000000000193E000.00000040.00001000.00020000.00000000.sdmp, YHcZGpLBUw.exe, 00000000.00000002.1801310756.00000000017A0000.00000040.00001000.00020000.00000000.sdmp
Source: Amcache.hve.3.dr String found in binary or memory: http://upx.sf.net

E-Banking Fraud

Source: Yara match File source: 0.2.YHcZGpLBUw.exe.210000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

System Summary

Source: 0.2.YHcZGpLBUw.exe.210000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0021B323 NtCreateFile, 0_2_0021B323
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0021B553 NtReadFile, 0_2_0021B553
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0023BD83 NtClose, 0_2_0023BD83
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0021BDE3 NtAllocateVirtualMemory, 0_2_0021BDE3
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_00211ABD NtProtectVirtualMemory,NtProtectVirtualMemory, 0_2_00211ABD
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_00211A8D NtProtectVirtualMemory,NtProtectVirtualMemory, 0_2_00211A8D
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812DF0 NtQuerySystemInformation,LdrInitializeThunk, 0_2_01812DF0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01814340 NtSetContextThread, 0_2_01814340
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01814650 NtSuspendThread, 0_2_01814650
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812B80 NtQueryInformationFile, 0_2_01812B80
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812BA0 NtEnumerateValueKey, 0_2_01812BA0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812BE0 NtQueryValueKey, 0_2_01812BE0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812BF0 NtAllocateVirtualMemory, 0_2_01812BF0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812B60 NtClose, 0_2_01812B60
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812AB0 NtWaitForSingleObject, 0_2_01812AB0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812AD0 NtReadFile, 0_2_01812AD0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812AF0 NtWriteFile, 0_2_01812AF0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812DB0 NtEnumerateKey, 0_2_01812DB0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812DD0 NtDelayExecution, 0_2_01812DD0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812D00 NtSetInformationFile, 0_2_01812D00
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812D10 NtMapViewOfSection, 0_2_01812D10
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812D30 NtUnmapViewOfSection, 0_2_01812D30
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812CA0 NtQueryInformationToken, 0_2_01812CA0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812CC0 NtQueryVirtualMemory, 0_2_01812CC0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812CF0 NtOpenProcess, 0_2_01812CF0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812C00 NtQueryInformationProcess, 0_2_01812C00
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812C60 NtCreateKey, 0_2_01812C60
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812C70 NtFreeVirtualMemory, 0_2_01812C70
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812F90 NtProtectVirtualMemory, 0_2_01812F90
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812FA0 NtQuerySection, 0_2_01812FA0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812FB0 NtResumeThread, 0_2_01812FB0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812FE0 NtCreateFile, 0_2_01812FE0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812F30 NtCreateSection, 0_2_01812F30
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812F60 NtCreateProcessEx, 0_2_01812F60
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812E80 NtReadVirtualMemory, 0_2_01812E80
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812EA0 NtAdjustPrivilegesToken, 0_2_01812EA0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812EE0 NtQueueApcThread, 0_2_01812EE0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812E30 NtWriteVirtualMemory, 0_2_01812E30
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01813090 NtSetValueKey, 0_2_01813090
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01813010 NtOpenDirectoryObject, 0_2_01813010
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_018135C0 NtCreateMutant, 0_2_018135C0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_018139B0 NtGetContextThread, 0_2_018139B0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01813D10 NtOpenProcessToken, 0_2_01813D10
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01813D70 NtOpenThread, 0_2_01813D70
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: String function: 017CB970 appears 265 times
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: String function: 01815130 appears 58 times
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: String function: 0184EA12 appears 86 times
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: String function: 0185F290 appears 105 times
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: String function: 01827E54 appears 100 times
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 232
Source: YHcZGpLBUw.exe Static PE information: No import functions for PE file found
Source: YHcZGpLBUw.exe, 00000000.00000002.1801310756.0000000001A71000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs YHcZGpLBUw.exe
Source: YHcZGpLBUw.exe, 00000000.00000003.1713007738.0000000001724000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs YHcZGpLBUw.exe
Source: YHcZGpLBUw.exe, 00000000.00000003.1710961964.000000000156A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs YHcZGpLBUw.exe
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Section loaded: apphelp.dll
Source: 0.2.YHcZGpLBUw.exe.210000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: YHcZGpLBUw.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: YHcZGpLBUw.exe Static PE information: Section .text
Source: classification engine Classification label: mal76.troj.winEXE@2/5@0/0
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6444
Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\6e5e9a11-6bf9-4eec-a547-2a0c265f9772
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\YHcZGpLBUw.exe C:\Users\user\Desktop\YHcZGpLBUw.exe
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_002248C3 push esi; retf 0_2_002248CE
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0023F1F2 push eax; ret 0_2_0023F1F4
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_00212223 push cs; iretd 0_2_00212226
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_00213570 push eax; ret 0_2_00213572
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_00211E26 push esp; retf 0_2_00211E27
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_00237E33 pushfd ; ret 0_2_00237E7A
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0022B7F3 push edi; retf 0_2_0022B7F9
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D09AD push ecx; mov dword ptr [esp], ecx 0_2_017D09B6
Source: YHcZGpLBUw.exe Static PE information: section name: .text entropy: 7.9948131187267615
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0181096E rdtsc 0_2_0181096E
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe API coverage: 0.5 %
Source: Amcache.hve.3.dr Binary or memory string: VMware
Source: Amcache.hve.3.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.3.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.3.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.3.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.3.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.3.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.3.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.3.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.3.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.3.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.3.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.3.dr Binary or memory string: vmci.sys
Source: Amcache.hve.3.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.3.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.3.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.3.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.3.dr Binary or memory string: VMware20,1
Source: Amcache.hve.3.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.3.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.3.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.3.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.3.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.3.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.3.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.3.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.3.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.3.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.3.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0181096E rdtsc 0_2_0181096E
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812DF0 NtQuerySystemInformation,LdrInitializeThunk, 0_2_01812DF0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0188C188 mov eax, dword ptr fs:[00000030h] 0_2_0188C188
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h] 0_2_017E0770
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h] 0_2_017E0770
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h] 0_2_017E0770
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h] 0_2_017E0770
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E0770 mov eax, dword ptr fs:[00000030h] 0_2_017E0770
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_018847A0 mov eax, dword ptr fs:[00000030h] 0_2_018847A0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D0750 mov eax, dword ptr fs:[00000030h] 0_2_017D0750
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_018507C3 mov eax, dword ptr fs:[00000030h] 0_2_018507C3
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0185E7E1 mov eax, dword ptr fs:[00000030h] 0_2_0185E7E1
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D0710 mov eax, dword ptr fs:[00000030h] 0_2_017D0710
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180C700 mov eax, dword ptr fs:[00000030h] 0_2_0180C700
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D47FB mov eax, dword ptr fs:[00000030h] 0_2_017D47FB
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D47FB mov eax, dword ptr fs:[00000030h] 0_2_017D47FB
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01800710 mov eax, dword ptr fs:[00000030h] 0_2_01800710
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F27ED mov eax, dword ptr fs:[00000030h] 0_2_017F27ED
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F27ED mov eax, dword ptr fs:[00000030h] 0_2_017F27ED
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F27ED mov eax, dword ptr fs:[00000030h] 0_2_017F27ED
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180C720 mov eax, dword ptr fs:[00000030h] 0_2_0180C720
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180C720 mov eax, dword ptr fs:[00000030h] 0_2_0180C720
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184C730 mov eax, dword ptr fs:[00000030h] 0_2_0184C730
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180273C mov eax, dword ptr fs:[00000030h] 0_2_0180273C
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180273C mov ecx, dword ptr fs:[00000030h] 0_2_0180273C
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180273C mov eax, dword ptr fs:[00000030h] 0_2_0180273C
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DC7C0 mov eax, dword ptr fs:[00000030h] 0_2_017DC7C0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180674D mov esi, dword ptr fs:[00000030h] 0_2_0180674D
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180674D mov eax, dword ptr fs:[00000030h] 0_2_0180674D
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180674D mov eax, dword ptr fs:[00000030h] 0_2_0180674D
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01854755 mov eax, dword ptr fs:[00000030h] 0_2_01854755
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812750 mov eax, dword ptr fs:[00000030h] 0_2_01812750
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812750 mov eax, dword ptr fs:[00000030h] 0_2_01812750
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D07AF mov eax, dword ptr fs:[00000030h] 0_2_017D07AF
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0185E75D mov eax, dword ptr fs:[00000030h] 0_2_0185E75D
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180C6A6 mov eax, dword ptr fs:[00000030h] 0_2_0180C6A6
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_018066B0 mov eax, dword ptr fs:[00000030h] 0_2_018066B0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017EC640 mov eax, dword ptr fs:[00000030h] 0_2_017EC640
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180A6C7 mov ebx, dword ptr fs:[00000030h] 0_2_0180A6C7
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180A6C7 mov eax, dword ptr fs:[00000030h] 0_2_0180A6C7
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D262C mov eax, dword ptr fs:[00000030h] 0_2_017D262C
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017EE627 mov eax, dword ptr fs:[00000030h] 0_2_017EE627
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_018506F1 mov eax, dword ptr fs:[00000030h] 0_2_018506F1
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_018506F1 mov eax, dword ptr fs:[00000030h] 0_2_018506F1
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E260B mov eax, dword ptr fs:[00000030h] 0_2_017E260B
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E260B mov eax, dword ptr fs:[00000030h] 0_2_017E260B
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E260B mov eax, dword ptr fs:[00000030h] 0_2_017E260B
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E260B mov eax, dword ptr fs:[00000030h] 0_2_017E260B
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E260B mov eax, dword ptr fs:[00000030h] 0_2_017E260B
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E260B mov eax, dword ptr fs:[00000030h] 0_2_017E260B
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E260B mov eax, dword ptr fs:[00000030h] 0_2_017E260B
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184E6F2 mov eax, dword ptr fs:[00000030h] 0_2_0184E6F2
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184E6F2 mov eax, dword ptr fs:[00000030h] 0_2_0184E6F2
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184E6F2 mov eax, dword ptr fs:[00000030h] 0_2_0184E6F2
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184E6F2 mov eax, dword ptr fs:[00000030h] 0_2_0184E6F2
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184E609 mov eax, dword ptr fs:[00000030h] 0_2_0184E609
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01812619 mov eax, dword ptr fs:[00000030h] 0_2_01812619
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01806620 mov eax, dword ptr fs:[00000030h] 0_2_01806620
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01808620 mov eax, dword ptr fs:[00000030h] 0_2_01808620
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180A660 mov eax, dword ptr fs:[00000030h] 0_2_0180A660
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180A660 mov eax, dword ptr fs:[00000030h] 0_2_0180A660
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0189866E mov eax, dword ptr fs:[00000030h] 0_2_0189866E
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0189866E mov eax, dword ptr fs:[00000030h] 0_2_0189866E
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D4690 mov eax, dword ptr fs:[00000030h] 0_2_017D4690
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D4690 mov eax, dword ptr fs:[00000030h] 0_2_017D4690
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01802674 mov eax, dword ptr fs:[00000030h] 0_2_01802674
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F6962 mov eax, dword ptr fs:[00000030h] 0_2_017F6962
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F6962 mov eax, dword ptr fs:[00000030h] 0_2_017F6962
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F6962 mov eax, dword ptr fs:[00000030h] 0_2_017F6962
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_018589B3 mov esi, dword ptr fs:[00000030h] 0_2_018589B3
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_018589B3 mov eax, dword ptr fs:[00000030h] 0_2_018589B3
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_018589B3 mov eax, dword ptr fs:[00000030h] 0_2_018589B3
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_018669C0 mov eax, dword ptr fs:[00000030h] 0_2_018669C0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_018049D0 mov eax, dword ptr fs:[00000030h] 0_2_018049D0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0189A9D3 mov eax, dword ptr fs:[00000030h] 0_2_0189A9D3
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017C8918 mov eax, dword ptr fs:[00000030h] 0_2_017C8918
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017C8918 mov eax, dword ptr fs:[00000030h] 0_2_017C8918
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0185E9E0 mov eax, dword ptr fs:[00000030h] 0_2_0185E9E0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_018029F9 mov eax, dword ptr fs:[00000030h] 0_2_018029F9
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_018029F9 mov eax, dword ptr fs:[00000030h] 0_2_018029F9
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184E908 mov eax, dword ptr fs:[00000030h] 0_2_0184E908
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184E908 mov eax, dword ptr fs:[00000030h] 0_2_0184E908
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0185C912 mov eax, dword ptr fs:[00000030h] 0_2_0185C912
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DA9D0 mov eax, dword ptr fs:[00000030h] 0_2_017DA9D0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DA9D0 mov eax, dword ptr fs:[00000030h] 0_2_017DA9D0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DA9D0 mov eax, dword ptr fs:[00000030h] 0_2_017DA9D0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DA9D0 mov eax, dword ptr fs:[00000030h] 0_2_017DA9D0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DA9D0 mov eax, dword ptr fs:[00000030h] 0_2_017DA9D0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DA9D0 mov eax, dword ptr fs:[00000030h] 0_2_017DA9D0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0186892B mov eax, dword ptr fs:[00000030h] 0_2_0186892B
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0185892A mov eax, dword ptr fs:[00000030h] 0_2_0185892A
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01850946 mov eax, dword ptr fs:[00000030h] 0_2_01850946
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D09AD mov eax, dword ptr fs:[00000030h] 0_2_017D09AD
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D09AD mov eax, dword ptr fs:[00000030h] 0_2_017D09AD
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h] 0_2_017E29A0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h] 0_2_017E29A0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h] 0_2_017E29A0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h] 0_2_017E29A0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h] 0_2_017E29A0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h] 0_2_017E29A0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h] 0_2_017E29A0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h] 0_2_017E29A0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h] 0_2_017E29A0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h] 0_2_017E29A0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h] 0_2_017E29A0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h] 0_2_017E29A0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E29A0 mov eax, dword ptr fs:[00000030h] 0_2_017E29A0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0181096E mov eax, dword ptr fs:[00000030h] 0_2_0181096E
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0181096E mov edx, dword ptr fs:[00000030h] 0_2_0181096E
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0181096E mov eax, dword ptr fs:[00000030h] 0_2_0181096E
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0185C97C mov eax, dword ptr fs:[00000030h] 0_2_0185C97C
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01874978 mov eax, dword ptr fs:[00000030h] 0_2_01874978
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01874978 mov eax, dword ptr fs:[00000030h] 0_2_01874978
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0185C89D mov eax, dword ptr fs:[00000030h] 0_2_0185C89D
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D4859 mov eax, dword ptr fs:[00000030h] 0_2_017D4859
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D4859 mov eax, dword ptr fs:[00000030h] 0_2_017D4859
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E2840 mov ecx, dword ptr fs:[00000030h] 0_2_017E2840
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F2835 mov eax, dword ptr fs:[00000030h] 0_2_017F2835
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F2835 mov eax, dword ptr fs:[00000030h] 0_2_017F2835
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F2835 mov eax, dword ptr fs:[00000030h] 0_2_017F2835
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F2835 mov ecx, dword ptr fs:[00000030h] 0_2_017F2835
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F2835 mov eax, dword ptr fs:[00000030h] 0_2_017F2835
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F2835 mov eax, dword ptr fs:[00000030h] 0_2_017F2835
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0189A8E4 mov eax, dword ptr fs:[00000030h] 0_2_0189A8E4
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180C8F9 mov eax, dword ptr fs:[00000030h] 0_2_0180C8F9
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180C8F9 mov eax, dword ptr fs:[00000030h] 0_2_0180C8F9
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0185C810 mov eax, dword ptr fs:[00000030h] 0_2_0185C810
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180A830 mov eax, dword ptr fs:[00000030h] 0_2_0180A830
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0187483A mov eax, dword ptr fs:[00000030h] 0_2_0187483A
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0187483A mov eax, dword ptr fs:[00000030h] 0_2_0187483A
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017FE8C0 mov eax, dword ptr fs:[00000030h] 0_2_017FE8C0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01800854 mov eax, dword ptr fs:[00000030h] 0_2_01800854
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01866870 mov eax, dword ptr fs:[00000030h] 0_2_01866870
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01866870 mov eax, dword ptr fs:[00000030h] 0_2_01866870
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0185E872 mov eax, dword ptr fs:[00000030h] 0_2_0185E872
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0185E872 mov eax, dword ptr fs:[00000030h] 0_2_0185E872
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D0887 mov eax, dword ptr fs:[00000030h] 0_2_017D0887
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017CCB7E mov eax, dword ptr fs:[00000030h] 0_2_017CCB7E
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01884BB0 mov eax, dword ptr fs:[00000030h] 0_2_01884BB0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01884BB0 mov eax, dword ptr fs:[00000030h] 0_2_01884BB0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0187EBD0 mov eax, dword ptr fs:[00000030h] 0_2_0187EBD0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017FEB20 mov eax, dword ptr fs:[00000030h] 0_2_017FEB20
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017FEB20 mov eax, dword ptr fs:[00000030h] 0_2_017FEB20
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0185CBF0 mov eax, dword ptr fs:[00000030h] 0_2_0185CBF0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017FEBFC mov eax, dword ptr fs:[00000030h] 0_2_017FEBFC
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D8BF0 mov eax, dword ptr fs:[00000030h] 0_2_017D8BF0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D8BF0 mov eax, dword ptr fs:[00000030h] 0_2_017D8BF0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D8BF0 mov eax, dword ptr fs:[00000030h] 0_2_017D8BF0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h] 0_2_0184EB1D
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h] 0_2_0184EB1D
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h] 0_2_0184EB1D
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h] 0_2_0184EB1D
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h] 0_2_0184EB1D
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h] 0_2_0184EB1D
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h] 0_2_0184EB1D
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h] 0_2_0184EB1D
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184EB1D mov eax, dword ptr fs:[00000030h] 0_2_0184EB1D
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01898B28 mov eax, dword ptr fs:[00000030h] 0_2_01898B28
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01898B28 mov eax, dword ptr fs:[00000030h] 0_2_01898B28
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D0BCD mov eax, dword ptr fs:[00000030h] 0_2_017D0BCD
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D0BCD mov eax, dword ptr fs:[00000030h] 0_2_017D0BCD
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D0BCD mov eax, dword ptr fs:[00000030h] 0_2_017D0BCD
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F0BCB mov eax, dword ptr fs:[00000030h] 0_2_017F0BCB
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F0BCB mov eax, dword ptr fs:[00000030h] 0_2_017F0BCB
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F0BCB mov eax, dword ptr fs:[00000030h] 0_2_017F0BCB
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E0BBE mov eax, dword ptr fs:[00000030h] 0_2_017E0BBE
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E0BBE mov eax, dword ptr fs:[00000030h] 0_2_017E0BBE
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01884B4B mov eax, dword ptr fs:[00000030h] 0_2_01884B4B
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01884B4B mov eax, dword ptr fs:[00000030h] 0_2_01884B4B
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01878B42 mov eax, dword ptr fs:[00000030h] 0_2_01878B42
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01866B40 mov eax, dword ptr fs:[00000030h] 0_2_01866B40
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01866B40 mov eax, dword ptr fs:[00000030h] 0_2_01866B40
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0189AB40 mov eax, dword ptr fs:[00000030h] 0_2_0189AB40
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0187EB50 mov eax, dword ptr fs:[00000030h] 0_2_0187EB50
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_018A4A80 mov eax, dword ptr fs:[00000030h] 0_2_018A4A80
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01808A90 mov edx, dword ptr fs:[00000030h] 0_2_01808A90
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E0A5B mov eax, dword ptr fs:[00000030h] 0_2_017E0A5B
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017E0A5B mov eax, dword ptr fs:[00000030h] 0_2_017E0A5B
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01826AA4 mov eax, dword ptr fs:[00000030h] 0_2_01826AA4
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D6A50 mov eax, dword ptr fs:[00000030h] 0_2_017D6A50
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D6A50 mov eax, dword ptr fs:[00000030h] 0_2_017D6A50
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D6A50 mov eax, dword ptr fs:[00000030h] 0_2_017D6A50
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D6A50 mov eax, dword ptr fs:[00000030h] 0_2_017D6A50
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D6A50 mov eax, dword ptr fs:[00000030h] 0_2_017D6A50
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D6A50 mov eax, dword ptr fs:[00000030h] 0_2_017D6A50
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D6A50 mov eax, dword ptr fs:[00000030h] 0_2_017D6A50
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F4A35 mov eax, dword ptr fs:[00000030h] 0_2_017F4A35
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017F4A35 mov eax, dword ptr fs:[00000030h] 0_2_017F4A35
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01826ACC mov eax, dword ptr fs:[00000030h] 0_2_01826ACC
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01826ACC mov eax, dword ptr fs:[00000030h] 0_2_01826ACC
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01826ACC mov eax, dword ptr fs:[00000030h] 0_2_01826ACC
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01804AD0 mov eax, dword ptr fs:[00000030h] 0_2_01804AD0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01804AD0 mov eax, dword ptr fs:[00000030h] 0_2_01804AD0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017FEA2E mov eax, dword ptr fs:[00000030h] 0_2_017FEA2E
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180AAEE mov eax, dword ptr fs:[00000030h] 0_2_0180AAEE
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180AAEE mov eax, dword ptr fs:[00000030h] 0_2_0180AAEE
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0185CA11 mov eax, dword ptr fs:[00000030h] 0_2_0185CA11
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180CA24 mov eax, dword ptr fs:[00000030h] 0_2_0180CA24
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D0AD0 mov eax, dword ptr fs:[00000030h] 0_2_017D0AD0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180CA38 mov eax, dword ptr fs:[00000030h] 0_2_0180CA38
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D8AA0 mov eax, dword ptr fs:[00000030h] 0_2_017D8AA0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D8AA0 mov eax, dword ptr fs:[00000030h] 0_2_017D8AA0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0187EA60 mov eax, dword ptr fs:[00000030h] 0_2_0187EA60
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180CA6F mov eax, dword ptr fs:[00000030h] 0_2_0180CA6F
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180CA6F mov eax, dword ptr fs:[00000030h] 0_2_0180CA6F
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0180CA6F mov eax, dword ptr fs:[00000030h] 0_2_0180CA6F
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184CA72 mov eax, dword ptr fs:[00000030h] 0_2_0184CA72
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_0184CA72 mov eax, dword ptr fs:[00000030h] 0_2_0184CA72
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h] 0_2_017DEA80
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h] 0_2_017DEA80
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h] 0_2_017DEA80
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h] 0_2_017DEA80
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h] 0_2_017DEA80
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h] 0_2_017DEA80
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h] 0_2_017DEA80
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h] 0_2_017DEA80
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017DEA80 mov eax, dword ptr fs:[00000030h] 0_2_017DEA80
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_01806DA0 mov eax, dword ptr fs:[00000030h] 0_2_01806DA0
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D0D59 mov eax, dword ptr fs:[00000030h] 0_2_017D0D59
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D0D59 mov eax, dword ptr fs:[00000030h] 0_2_017D0D59
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D0D59 mov eax, dword ptr fs:[00000030h] 0_2_017D0D59
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D8D59 mov eax, dword ptr fs:[00000030h] 0_2_017D8D59
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D8D59 mov eax, dword ptr fs:[00000030h] 0_2_017D8D59
Source: C:\Users\user\Desktop\YHcZGpLBUw.exe Code function: 0_2_017D8D59 mov eax, dword ptr fs:[00000030h] 0_2_017D8D59
Source: Amcache.hve.3.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.3.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.3.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.3.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match File source: 0.2.YHcZGpLBUw.exe.210000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match File source: 0.2.YHcZGpLBUw.exe.210000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1801110770.0000000000211000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
No contacted IP infos