Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ulQGCeP6wq.exe

Overview

General Information

Sample name:ulQGCeP6wq.exe
renamed because original name is a hash value
Original sample name:f4c43d3226246f970d2f7aa8152317b47021989a344b58c2df96014e385655e1.exe
Analysis ID:1633597
MD5:ffbc8b2d7da37ce14f5322a082204258
SHA1:2e31cbadb978045bd25729ef1db538e42ff1288a
SHA256:f4c43d3226246f970d2f7aa8152317b47021989a344b58c2df96014e385655e1
Tags:exeuser-adrian__luca
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • ulQGCeP6wq.exe (PID: 7236 cmdline: "C:\Users\user\Desktop\ulQGCeP6wq.exe" MD5: FFBC8B2D7DA37CE14F5322A082204258)
    • ulQGCeP6wq.exe (PID: 7360 cmdline: "C:\Users\user\Desktop\ulQGCeP6wq.exe" MD5: FFBC8B2D7DA37CE14F5322A082204258)
    • ulQGCeP6wq.exe (PID: 7368 cmdline: "C:\Users\user\Desktop\ulQGCeP6wq.exe" MD5: FFBC8B2D7DA37CE14F5322A082204258)
      • L2mAf1MzZG7.exe (PID: 1020 cmdline: "C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\LM5kpV6VsQ3SP.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
        • wiaacmgr.exe (PID: 8156 cmdline: "C:\Windows\SysWOW64\wiaacmgr.exe" MD5: 2F1D379CE47E920BDDD2C50214457E0F)
          • L2mAf1MzZG7.exe (PID: 5296 cmdline: "C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\Iuioh5SBX7qtK.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
          • firefox.exe (PID: 2904 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.1368864211.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    0000000E.00000002.3454308235.0000000004B60000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      0000000D.00000002.3452631025.00000000048F0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        0000000D.00000002.3450449095.0000000002A50000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000003.00000002.1369494752.0000000000FC0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 4 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            3.2.ulQGCeP6wq.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
              3.2.ulQGCeP6wq.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-03-10T14:08:20.479703+010028554651A Network Trojan was detected192.168.2.849692188.114.96.380TCP
                2025-03-10T14:08:43.721351+010028554651A Network Trojan was detected192.168.2.84969713.248.169.4880TCP
                2025-03-10T14:08:56.916167+010028554651A Network Trojan was detected192.168.2.8497013.33.130.19080TCP
                2025-03-10T14:09:10.135793+010028554651A Network Trojan was detected192.168.2.84970513.248.169.4880TCP
                2025-03-10T14:09:23.331786+010028554651A Network Trojan was detected192.168.2.84970913.248.169.4880TCP
                2025-03-10T14:09:36.747478+010028554651A Network Trojan was detected192.168.2.849713188.114.97.380TCP
                2025-03-10T14:09:49.910052+010028554651A Network Trojan was detected192.168.2.8497173.33.130.19080TCP
                2025-03-10T14:10:03.917345+010028554651A Network Trojan was detected192.168.2.849721199.115.115.280TCP
                2025-03-10T14:10:17.248694+010028554651A Network Trojan was detected192.168.2.849725203.161.42.7380TCP
                2025-03-10T14:10:30.549241+010028554651A Network Trojan was detected192.168.2.84972913.248.169.4880TCP
                2025-03-10T14:10:43.728592+010028554651A Network Trojan was detected192.168.2.84973313.248.169.4880TCP
                2025-03-10T14:10:57.786092+010028554651A Network Trojan was detected192.168.2.849737208.91.197.2780TCP
                2025-03-10T14:11:11.058515+010028554651A Network Trojan was detected192.168.2.84974113.248.169.4880TCP
                2025-03-10T14:11:24.472178+010028554651A Network Trojan was detected192.168.2.84974515.197.172.6080TCP
                2025-03-10T14:11:38.289956+010028554651A Network Trojan was detected192.168.2.84974968.66.216.5280TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-03-10T14:08:36.044326+010028554641A Network Trojan was detected192.168.2.84969413.248.169.4880TCP
                2025-03-10T14:08:38.584820+010028554641A Network Trojan was detected192.168.2.84969513.248.169.4880TCP
                2025-03-10T14:08:41.164195+010028554641A Network Trojan was detected192.168.2.84969613.248.169.4880TCP
                2025-03-10T14:08:49.232804+010028554641A Network Trojan was detected192.168.2.8496983.33.130.19080TCP
                2025-03-10T14:08:51.803718+010028554641A Network Trojan was detected192.168.2.8496993.33.130.19080TCP
                2025-03-10T14:08:54.357403+010028554641A Network Trojan was detected192.168.2.8497003.33.130.19080TCP
                2025-03-10T14:09:02.446743+010028554641A Network Trojan was detected192.168.2.84970213.248.169.4880TCP
                2025-03-10T14:09:05.015074+010028554641A Network Trojan was detected192.168.2.84970313.248.169.4880TCP
                2025-03-10T14:09:07.562913+010028554641A Network Trojan was detected192.168.2.84970413.248.169.4880TCP
                2025-03-10T14:09:15.669839+010028554641A Network Trojan was detected192.168.2.84970613.248.169.4880TCP
                2025-03-10T14:09:18.226245+010028554641A Network Trojan was detected192.168.2.84970713.248.169.4880TCP
                2025-03-10T14:09:20.773459+010028554641A Network Trojan was detected192.168.2.84970813.248.169.4880TCP
                2025-03-10T14:09:29.104596+010028554641A Network Trojan was detected192.168.2.849710188.114.97.380TCP
                2025-03-10T14:09:31.675661+010028554641A Network Trojan was detected192.168.2.849711188.114.97.380TCP
                2025-03-10T14:09:34.192498+010028554641A Network Trojan was detected192.168.2.849712188.114.97.380TCP
                2025-03-10T14:09:42.273412+010028554641A Network Trojan was detected192.168.2.8497143.33.130.19080TCP
                2025-03-10T14:09:44.817050+010028554641A Network Trojan was detected192.168.2.8497153.33.130.19080TCP
                2025-03-10T14:09:47.393151+010028554641A Network Trojan was detected192.168.2.8497163.33.130.19080TCP
                2025-03-10T14:09:55.628214+010028554641A Network Trojan was detected192.168.2.849718199.115.115.280TCP
                2025-03-10T14:09:58.177549+010028554641A Network Trojan was detected192.168.2.849719199.115.115.280TCP
                2025-03-10T14:10:00.897308+010028554641A Network Trojan was detected192.168.2.849720199.115.115.280TCP
                2025-03-10T14:10:09.603227+010028554641A Network Trojan was detected192.168.2.849722203.161.42.7380TCP
                2025-03-10T14:10:12.154434+010028554641A Network Trojan was detected192.168.2.849723203.161.42.7380TCP
                2025-03-10T14:10:14.677774+010028554641A Network Trojan was detected192.168.2.849724203.161.42.7380TCP
                2025-03-10T14:10:22.849983+010028554641A Network Trojan was detected192.168.2.84972613.248.169.4880TCP
                2025-03-10T14:10:25.430954+010028554641A Network Trojan was detected192.168.2.84972713.248.169.4880TCP
                2025-03-10T14:10:28.009850+010028554641A Network Trojan was detected192.168.2.84972813.248.169.4880TCP
                2025-03-10T14:10:36.066270+010028554641A Network Trojan was detected192.168.2.84973013.248.169.4880TCP
                2025-03-10T14:10:38.627169+010028554641A Network Trojan was detected192.168.2.84973113.248.169.4880TCP
                2025-03-10T14:10:41.159181+010028554641A Network Trojan was detected192.168.2.84973213.248.169.4880TCP
                2025-03-10T14:10:49.573998+010028554641A Network Trojan was detected192.168.2.849734208.91.197.2780TCP
                2025-03-10T14:10:52.139686+010028554641A Network Trojan was detected192.168.2.849735208.91.197.2780TCP
                2025-03-10T14:10:54.704671+010028554641A Network Trojan was detected192.168.2.849736208.91.197.2780TCP
                2025-03-10T14:11:03.415847+010028554641A Network Trojan was detected192.168.2.84973813.248.169.4880TCP
                2025-03-10T14:11:06.006599+010028554641A Network Trojan was detected192.168.2.84973913.248.169.4880TCP
                2025-03-10T14:11:08.514017+010028554641A Network Trojan was detected192.168.2.84974013.248.169.4880TCP
                2025-03-10T14:11:16.834690+010028554641A Network Trojan was detected192.168.2.84974215.197.172.6080TCP
                2025-03-10T14:11:19.405434+010028554641A Network Trojan was detected192.168.2.84974315.197.172.6080TCP
                2025-03-10T14:11:21.910125+010028554641A Network Trojan was detected192.168.2.84974415.197.172.6080TCP
                2025-03-10T14:11:30.124779+010028554641A Network Trojan was detected192.168.2.84974668.66.216.5280TCP
                2025-03-10T14:11:32.702417+010028554641A Network Trojan was detected192.168.2.84974768.66.216.5280TCP
                2025-03-10T14:11:35.737946+010028554641A Network Trojan was detected192.168.2.84974868.66.216.5280TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus / Scanner detection for submitted sample
                Source: ulQGCeP6wq.exeAvira: detected
                Antivirus detection for URL or domain
                Source: http://www.specialblockchain.xyz/71ew/?GtW0S=F62DssAaSBXl47FrM8t8pcOAHTSZxMiylQ4LvoBPcjMTKxdljQQb/6K5LtOxo7hYkzR0hOl+xy8fY2eWT2wGUuXM9joMLK5Ize4RBdA6l/ann8UONmjIwBM/LYrSf/QruA==&BFvhS=bDWhdNAvira URL Cloud: Label: malware
                Source: http://www.specialblockchain.xyz/71ew/Avira URL Cloud: Label: malware
                Multi AV Scanner detection for submitted file
                Source: ulQGCeP6wq.exeVirustotal: Detection: 83%Perma Link
                Source: ulQGCeP6wq.exeReversingLabs: Detection: 76%
                Yara detected FormBook
                Source: Yara matchFile source: 3.2.ulQGCeP6wq.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.ulQGCeP6wq.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000003.00000002.1368864211.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000002.3454308235.0000000004B60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3452631025.00000000048F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3450449095.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1369494752.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3452552887.00000000048A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.3452182714.0000000003490000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1372021275.0000000001E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Joe Sandbox ML detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: ulQGCeP6wq.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: ulQGCeP6wq.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: Nstr.pdbSHA2562 source: ulQGCeP6wq.exe
                Source: Binary string: wntdll.pdbUGP source: ulQGCeP6wq.exe, 00000003.00000002.1369658603.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000003.1371610995.0000000004999000.00000004.00000020.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000003.1369193620.00000000047E1000.00000004.00000020.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3453029492.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3453029492.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: ulQGCeP6wq.exe, ulQGCeP6wq.exe, 00000003.00000002.1369658603.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, wiaacmgr.exe, wiaacmgr.exe, 0000000D.00000003.1371610995.0000000004999000.00000004.00000020.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000003.1369193620.00000000047E1000.00000004.00000020.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3453029492.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3453029492.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: Nstr.pdb source: ulQGCeP6wq.exe
                Source: Binary string: wiaacmgr.pdbGCTL source: ulQGCeP6wq.exe, 00000003.00000002.1369185991.0000000000C77000.00000004.00000020.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000C.00000002.3451074870.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wiaacmgr.pdb source: ulQGCeP6wq.exe, 00000003.00000002.1369185991.0000000000C77000.00000004.00000020.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000C.00000002.3451074870.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: L2mAf1MzZG7.exe, 0000000C.00000000.1292134237.000000000054F000.00000002.00000001.01000000.0000000C.sdmp, L2mAf1MzZG7.exe, 0000000E.00000000.1446105198.000000000054F000.00000002.00000001.01000000.0000000C.sdmp
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A6CDD0 FindFirstFileW,FindNextFileW,FindClose,13_2_02A6CDD0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 4x nop then jmp 06F4D8E7h1_2_06F4D034
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 4x nop then jmp 06F4D8E7h1_2_06F4D002
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 4x nop then xor eax, eax13_2_02A59F70
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 4x nop then pop edi13_2_02A5E9C8
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 4x nop then mov ebx, 00000004h13_2_049E04E8

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49692 -> 188.114.96.3:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49694 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49698 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49702 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49703 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49705 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49728 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49732 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49717 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49731 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49721 -> 199.115.115.2:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49723 -> 203.161.42.73:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49748 -> 68.66.216.52:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49729 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49727 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49724 -> 203.161.42.73:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49738 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49707 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49716 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49730 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49699 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49725 -> 203.161.42.73:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49714 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49701 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49739 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49700 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49736 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49742 -> 15.197.172.60:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49749 -> 68.66.216.52:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49708 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49735 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49711 -> 188.114.97.3:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49696 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49695 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49734 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49704 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49697 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49737 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49712 -> 188.114.97.3:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49713 -> 188.114.97.3:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49709 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49710 -> 188.114.97.3:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49722 -> 203.161.42.73:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49715 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49706 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49746 -> 68.66.216.52:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49718 -> 199.115.115.2:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49740 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49741 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49747 -> 68.66.216.52:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49726 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49745 -> 15.197.172.60:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49719 -> 199.115.115.2:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49743 -> 15.197.172.60:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49720 -> 199.115.115.2:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49733 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49744 -> 15.197.172.60:80
                Performs DNS queries to domains with low reputation
                Source: DNS query: www.suheylamoda.xyz
                Source: DNS query: www.bursagrandfamily.xyz
                Source: DNS query: www.specialblockchain.xyz
                Source: DNS query: www.needethereum.xyz
                Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewASN Name: VNPT-AS-VNVNPTCorpVN VNPT-AS-VNVNPTCorpVN
                Source: Joe Sandbox ViewASN Name: LEASEWEB-USA-WDCUS LEASEWEB-USA-WDCUS
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /waic/?GtW0S=OwAE+uwHxEf6p0/WG0JnPeBl5Gw072seY7jdCRJfTnt7UpDs8JWxu3cBfXjpH2D8FSIn9OvlonvchRnqqO4ROS1I3qWRYB2FQyAs7Hebq+fn3SLcrlofgWaGwzV5qHUPiQ==&BFvhS=bDWhdN HTTP/1.1Host: www.fkrvhaupjtc.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /5z09/?GtW0S=+PCjSKArQKXXeZi6Qr9/eyIkYSRGc5g1OPmPOwopnXraLAxoM4y+UgyJjI6wIJ5Jq9nQlpUIaWdSfS6Qn8eKyySBGRVCAsq4YDUACrexnuPcDihHn5L8vDk1EkQVw8hCQA==&BFvhS=bDWhdN HTTP/1.1Host: www.yard.chatAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /4zxr/?BFvhS=bDWhdN&GtW0S=pm8L1Q5WEl/4YVByK8OG/fmUd+g5/wE0xOnM55YNIwZfCOAiglGaqM9p2uGaevVszuBjfzzK9hf5kLML8KCjJbC74X17nnmvfbEtc+MXNOaLh8KX2B7UQsdFLUeQkBGlcw== HTTP/1.1Host: www.valorpackaging.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /q2ol/?GtW0S=DoH9aL4zVOKpPk80V6mr9CSXIEUiv7yZK+hJVLLnWriefGamohR9dPbFRJTbpKXfWC/3r0c7FqsLH0boz9uSrKWYxU7pKZZhqVhmFeVHQ68xPpWMIX9RcPhyog6d9gjfTQ==&BFvhS=bDWhdN HTTP/1.1Host: www.suheylamoda.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /yldl/?BFvhS=bDWhdN&GtW0S=mljX5PRO5zw/QZ4qRoEEIBYVbC5lnLgu3sj6/pnrm/c0ENlV0L5ofONEbTm1POoc9/Vr3DzGQ/UQC913yFE9aLyqhn40oGm0epFoBxx0sTwfj+oaXcLLJyFgzdyWpfwEUA== HTTP/1.1Host: www.bursagrandfamily.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /a5hz/?GtW0S=i7ThJZ3xUE8OpiQF+JDy+g3BpPjqGiNHHziKYE8c0Rf3IjDWIVWtkfoM2k+XlRB9o1Tae9oBOUpM4kyvejsjf5p82rmcTPr54ewCrJrIt8C5lgd2knmwZdwCKMhJ/U4rIw==&BFvhS=bDWhdN HTTP/1.1Host: www.braposaldesk.cyouAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /u9nh/?BFvhS=bDWhdN&GtW0S=nTwn5TeDJJI8EVbprCJJ1rfCpUyT1tohU1HwIckCV0zxIJTIDjcQGmK/dWUKO1fAFuPVchYTHKx68Ltrac6QZ31QSiVyRpNaDdRUHzi2HbkG3DjfJKGM22oBfxjF6aoL2A== HTTP/1.1Host: www.eatdaba.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /cvig/?GtW0S=oH5LnBM0cnMSdzveTKA6XpMXkNevPLwh/iM5kEMSqvYNLuPX8yf19yYueh3IvrZ7h7IQwVdWGgtrPGVm6RdMIRalbvaV7H9jt9C5CCgQecpg7fGzukCaAgr6x32zEH7lRA==&BFvhS=bDWhdN HTTP/1.1Host: www.boldproductspot.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /httu/?BFvhS=bDWhdN&GtW0S=C65EGV9envHm8+5MObmTsSBUE6DJnlVHdzxV0aj6bLsFLBkavIgUQdsviu0u0zkeRpEmHw70C2KnLMDKwsnk7yHVj6ssmiBXSkbFv3smRh1kmRmLC0dd8QJyayL5PTYnQw== HTTP/1.1Host: www.nextpeak.siteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /71ew/?GtW0S=F62DssAaSBXl47FrM8t8pcOAHTSZxMiylQ4LvoBPcjMTKxdljQQb/6K5LtOxo7hYkzR0hOl+xy8fY2eWT2wGUuXM9joMLK5Ize4RBdA6l/ann8UONmjIwBM/LYrSf/QruA==&BFvhS=bDWhdN HTTP/1.1Host: www.specialblockchain.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /hae1/?GtW0S=q04VW04nVtD9FT11qBHKIzNdysqA8y5BfH6w0Hv+vPf8hkk1q5VqpgpQ7UIl8UpeJzIivA8Ook0sn7+5RhAf8CFEYfgPVQSK9DFtGXW5a73ZaWUqZ1fE3KYwNZJjSfjx9Q==&BFvhS=bDWhdN HTTP/1.1Host: www.needethereum.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /mu1l/?GtW0S=ABvdJTgTYZ/EXf0A6Sr6WIURc2Z7RVe9mmYeGF+vBqXnJQsydQwmbkTF68rKec0q1piydu2WXAt/U6JwxndwwwIO0ysNDF544WykWHltFh4gXOV3glqpHPnHEzhB26tGZg==&BFvhS=bDWhdN HTTP/1.1Host: www.calimade.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /ya0b/?BFvhS=bDWhdN&GtW0S=w5c6AMUNkKKT2xhSHylxeIXMYN5KSMVDonY3rZtnoYxW2D6BUycMMzYG/cSETfrn8/k2LWpJ65XOtMeAX1YC0xrtxlymw5T+R5Ypl056NHYmgD7wiFVJvGs5ZO4lo+3tog== HTTP/1.1Host: www.royalpets.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /3p28/?GtW0S=8bEjHipR5fPPdfvi/b2wF9xr04NiMDrP1t0/Uffda6k9sj3N19Dz+4uqm1J+VBcsF8CE9zd5eY6waJMkLrVSXu6/ccgEXrjph3VUxUf9szsqODrN2yWHLj0FndIednigyw==&BFvhS=bDWhdN HTTP/1.1Host: www.fandatv.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /u9p8/?GtW0S=hzhbH9ThGiM8VmMnwDfCODJ/dcZR362RFgOwjNPKsE2qM8VeKLXmgKEo3JdUhysF3Z6jpfXVsf4Wvb+twHw6aP/cgNclkl78IHDowbylKNd/ZRtU9NfozrdBnkmeyPBcYg==&BFvhS=bDWhdN HTTP/1.1Host: www.mayaheenterprise.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficDNS traffic detected: DNS query: www.fkrvhaupjtc.info
                Source: global trafficDNS traffic detected: DNS query: www.yard.chat
                Source: global trafficDNS traffic detected: DNS query: www.valorpackaging.shop
                Source: global trafficDNS traffic detected: DNS query: www.suheylamoda.xyz
                Source: global trafficDNS traffic detected: DNS query: www.bursagrandfamily.xyz
                Source: global trafficDNS traffic detected: DNS query: www.braposaldesk.cyou
                Source: global trafficDNS traffic detected: DNS query: www.eatdaba.shop
                Source: global trafficDNS traffic detected: DNS query: www.boldproductspot.shop
                Source: global trafficDNS traffic detected: DNS query: www.nextpeak.site
                Source: global trafficDNS traffic detected: DNS query: www.specialblockchain.xyz
                Source: global trafficDNS traffic detected: DNS query: www.needethereum.xyz
                Source: global trafficDNS traffic detected: DNS query: www.calimade.net
                Source: global trafficDNS traffic detected: DNS query: www.royalpets.shop
                Source: global trafficDNS traffic detected: DNS query: www.fandatv.net
                Source: global trafficDNS traffic detected: DNS query: www.mayaheenterprise.shop
                Source: unknownHTTP traffic detected: POST /5z09/ HTTP/1.1Host: www.yard.chatAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Origin: http://www.yard.chatCache-Control: no-cacheContent-Length: 206Connection: closeContent-Type: application/x-www-form-urlencodedReferer: http://www.yard.chat/5z09/User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MC40N0 Build/03-4AJ11-J-0900-0016-V0-M1-051415) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30Data Raw: 47 74 57 30 53 3d 7a 4e 71 44 52 2b 6f 74 52 39 53 43 56 61 4b 45 52 2b 70 36 48 54 38 4d 62 69 42 35 62 66 6b 65 4a 65 75 52 50 53 6c 34 70 52 66 73 48 7a 55 65 46 50 79 52 4d 41 6d 31 6a 71 69 5a 41 4d 52 4d 31 73 62 6f 6b 4c 77 53 66 6b 6c 6d 64 68 43 57 32 38 2b 74 74 51 50 62 48 32 55 77 65 35 71 36 41 47 56 59 56 4c 4b 33 6f 75 57 36 44 7a 56 41 6e 70 7a 43 70 54 78 6d 59 44 68 33 34 4d 73 54 4d 4f 42 70 56 6d 35 69 39 36 53 49 69 6c 78 54 2b 42 58 2f 75 36 4d 41 62 44 64 2f 5a 77 70 53 73 48 51 32 67 6f 76 36 41 54 58 6f 47 43 2b 2b 39 50 4c 6b 42 45 4b 70 58 70 4b 4f 54 47 4d 76 43 77 41 66 2b 6f 30 3d Data Ascii: GtW0S=zNqDR+otR9SCVaKER+p6HT8MbiB5bfkeJeuRPSl4pRfsHzUeFPyRMAm1jqiZAMRM1sbokLwSfklmdhCW28+ttQPbH2Uwe5q6AGVYVLK3ouW6DzVAnpzCpTxmYDh34MsTMOBpVm5i96SIilxT+BX/u6MAbDd/ZwpSsHQ2gov6ATXoGC++9PLkBEKpXpKOTGMvCwAf+o0=
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 10 Mar 2025 13:08:20 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CNUg5BTijjPSaZ9HN%2FhqF7VwgS%2F8%2F1ojp4vFXQlgJCXmnAHujU%2Frb7gKhZWFr8nUffTD8diXFwp%2F5WJkov4hLlioKOeY%2Bm5UWpHBC6iNdEtNsME1EotW0Aw8f%2FChLaPRSQ16tadLyQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91e30a4a9d05dafc-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1676&min_rtt=1676&rtt_var=838&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=539&delivery_rate=0&cwnd=154&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 63 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: c4<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 10 Mar 2025 13:09:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Thu, 28 Nov 2024 18:44:05 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=990hLHTjWrmezblRO%2BvdqBfvewtG7P0fQB57URZUtJb%2B5DcYgYEkK6JEXjwJ5x9PdPGlRmevEHjQ5y7x5DPULdO%2Fbob1BEOcvHAm445ImL1a2vp80mw3xgUWJOUFtLx%2B5hbtOfiQ4h4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91e30bf77c735e7a-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2470&min_rtt=2470&rtt_var=1235&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=809&delivery_rate=0&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 65 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 54 51 6f db 36 10 7e cf af b8 a9 d8 b0 01 95 68 59 69 13 4b b2 80 cc 4e b0 02 5d 17 ac 2e b6 3e d2 d2 59 64 23 91 1a 79 92 ad 05 fd ef 05 25 c5 76 b0 ad 0f 43 a9 17 ea f8 dd f7 1d 0f f7 31 fd 6e fd db 6a f3 f1 fe 16 04 d5 15 dc 7f f8 f9 ed 9b 15 78 3e 63 7f 44 2b c6 d6 9b 35 fc f9 cb e6 d7 b7 10 06 33 78 4f 46 e6 c4 d8 ed 3b 0f 3c 41 d4 c4 8c ed f7 fb 60 1f 05 da 94 6c f3 3b 3b 38 96 d0 a5 4d 5b df 0e 39 41 41 85 97 5d a4 83 c8 a1 ae 94 5d fe 0b 41 b8 58 2c c6 3c cf 81 e2 8a ab 72 e9 a1 f2 e0 b8 cb 52 81 bc c8 2e 00 00 52 92 54 61 76 39 bb 84 1f ea 82 5b 91 c0 3b 4d 70 a7 5b 55 a4 6c 3c 1c 81 35 12 07 a7 e7 e3 5f ad ec 96 de 4a 2b 42 45 fe a6 6f d0 83 7c fc 5b 7a 84 07 62 4e 3f 81 5c 70 63 91 96 1f 36 77 fe b5 c7 ce 89 14 af 71 e9 15 68 73 23 1b 92 5a 9d 31 bc d7 c6 f4 2f a1 e1 25 82 d2 04 3b 57 cc 31 dd 52 5f 21 50 df e0 a4 95 5b eb 8d 67 6e 6d 75 d1 c3 e3 4e 2b f2 ad fc 1b e3 f0 b2 39 24 90 eb 4a 9b f8 c5 d5 b0 12 18 8e 77 bc 96 55 1f 73 23 79 95 80 a3 f2 79 25 4b 15 e7 a8 08 4d f2 f9 c8 29 c2 67 8c d7 b3 33 ca c5 e2 e6 ea e6 Data Ascii: 2ecTQo6~hYiKN].>Yd#y%vC1njx>cD+53xOF;<A`l;;8M[9AA]]AX,<rR.RTav9[;Mp[Ul<5_J+BEo|[zbN?\pc6wqhs#Z1/%;W1R_!P[gnmuN+9$JwUs#yy%KM)g3
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 10 Mar 2025 13:09:31 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Thu, 28 Nov 2024 18:44:05 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q1ymTrcH67jRbiSBMGjKnFxq82rVvahM6BbngNkUPZbklVhzUSxEh3%2Bz%2FV4h%2Bv1tr88Vlao3CHBAItkEpap9IPKG7uSp%2FZ2f2rEOjMj4xmmwhAhimpZmzbggTlUNePPod4mKFwD3Mvw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91e30c078c1a42b3-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1716&min_rtt=1716&rtt_var=858&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=829&delivery_rate=0&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 65 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 54 51 6f db 36 10 7e cf af b8 a9 d8 b0 01 95 68 59 69 13 4b b2 80 cc 4e b0 02 5d 17 ac 2e b6 3e d2 d2 59 64 23 91 1a 79 92 ad 05 fd ef 05 25 c5 76 b0 ad 0f 43 a9 17 ea f8 dd f7 1d 0f f7 31 fd 6e fd db 6a f3 f1 fe 16 04 d5 15 dc 7f f8 f9 ed 9b 15 78 3e 63 7f 44 2b c6 d6 9b 35 fc f9 cb e6 d7 b7 10 06 33 78 4f 46 e6 c4 d8 ed 3b 0f 3c 41 d4 c4 8c ed f7 fb 60 1f 05 da 94 6c f3 3b 3b 38 96 d0 a5 4d 5b df 0e 39 41 41 85 97 5d a4 83 c8 a1 ae 94 5d fe 0b 41 b8 58 2c c6 3c cf 81 e2 8a ab 72 e9 a1 f2 e0 b8 cb 52 81 bc c8 2e 00 00 52 92 54 61 76 39 bb 84 1f ea 82 5b 91 c0 3b 4d 70 a7 5b 55 a4 6c 3c 1c 81 35 12 07 a7 e7 e3 5f ad ec 96 de 4a 2b 42 45 fe a6 6f d0 83 7c fc 5b 7a 84 07 62 4e 3f 81 5c 70 63 91 96 1f 36 77 fe b5 c7 ce 89 14 af 71 e9 15 68 73 23 1b 92 5a 9d 31 bc d7 c6 f4 2f a1 e1 25 82 d2 04 3b 57 cc 31 dd 52 5f 21 50 df e0 a4 95 5b eb 8d 67 6e 6d 75 d1 c3 e3 4e 2b f2 ad fc 1b e3 f0 b2 39 24 90 eb 4a 9b f8 c5 d5 b0 12 18 8e 77 bc 96 55 1f 73 23 79 95 80 a3 f2 79 25 4b 15 e7 a8 08 4d f2 f9 c8 29 c2 67 8c d7 b3 33 ca c5 e2 e6 ea e6 2e Data Ascii: 2ecTQo6~hYiKN].>Yd#y%vC1njx>cD+53xOF;<A`l;;8M[9AA]]AX,<rR.RTav9[;Mp[Ul<5_J+BEo|[zbN?\pc6wqhs#Z1/%;W1R_!P[gnmuN+9$JwUs#yy%KM)g3.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 10 Mar 2025 13:09:34 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Thu, 28 Nov 2024 18:44:05 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PHNKq9eeJRL1LQbn0mPYVXcwh9RXTAGfSvJ6vqNTVP2IPHj37BbTswVD9e4MhLYq%2FKd2R%2FOgpyR0wzvsDDdGzqjR5mNT5XZj4NsbKjkJOEv4wv47ZqbRCOjhkvolHvKAU%2BBWveGjuP0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91e30c175e4d7c8a-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1764&min_rtt=1764&rtt_var=882&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=821&delivery_rate=0&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 66 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 54 51 6f db 36 10 7e cf af b8 a9 d8 b0 01 95 68 59 69 13 4b b2 80 cc 4e b0 02 5d 17 ac 2e b6 3e d2 d2 59 64 23 91 1a 79 92 ad 05 fd ef 05 25 c5 76 b0 ad 0f 43 a9 17 ea f8 dd f7 1d 0f f7 31 fd 6e fd db 6a f3 f1 fe 16 04 d5 15 dc 7f f8 f9 ed 9b 15 78 3e 63 7f 44 2b c6 d6 9b 35 fc f9 cb e6 d7 b7 10 06 33 78 4f 46 e6 c4 d8 ed 3b 0f 3c 41 d4 c4 8c ed f7 fb 60 1f 05 da 94 6c f3 3b 3b 38 96 d0 a5 4d 5b df 0e 39 41 41 85 97 5d a4 83 c8 a1 ae 94 5d fe 0b 41 b8 58 2c c6 3c cf 81 e2 8a ab 72 e9 a1 f2 e0 b8 cb 52 81 bc c8 2e 00 00 52 92 54 61 76 39 bb 84 1f ea 82 5b 91 c0 3b 4d 70 a7 5b 55 a4 6c 3c 1c 81 35 12 07 a7 e7 e3 5f ad ec 96 de 4a 2b 42 45 fe a6 6f d0 83 7c fc 5b 7a 84 07 62 4e 3f 81 5c 70 63 91 96 1f 36 77 fe b5 c7 ce 89 14 af 71 e9 15 68 73 23 1b 92 5a 9d 31 bc d7 c6 f4 2f a1 e1 25 82 d2 04 3b 57 cc 31 dd 52 5f 21 50 df e0 a4 95 5b eb 8d 67 6e 6d 75 d1 c3 e3 4e 2b f2 ad fc 1b e3 f0 b2 39 24 90 eb 4a 9b f8 c5 d5 b0 12 18 8e 77 bc 96 55 1f 73 23 79 95 80 a3 f2 79 25 4b 15 e7 a8 08 4d f2 f9 c8 29 c2 67 8c d7 b3 33 ca c5 e2 e6 ea e6 2e 81 9a Data Ascii: 2f7TQo6~hYiKN].>Yd#y%vC1njx>cD+53xOF;<A`l;;8M[9AA]]AX,<rR.RTav9[;Mp[Ul<5_J+BEo|[zbN?\pc6wqhs#Z1/%;W1R_!P[gnmuN+9$JwUs#yy%KM)g3.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 10 Mar 2025 13:09:36 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Thu, 28 Nov 2024 18:44:05 GMTcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FgCaonmLjHUIIKVTtlsRXD3BAK3lnfwXp6Y59cpVHp6oehXX1WCxbwCdGvgnQKBZ4eQqSsUzfhOLNiKej2GkdGgUHXvLasFdjGnleXQy3r%2BnxcFnon5f86FyWUzMKm%2FQOrqwRTDDjWk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91e30c275c21a4a0-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2440&min_rtt=2440&rtt_var=1220&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=540&delivery_rate=0&cwnd=141&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 30 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 26 6d 64 61 73 68 3b 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 6f 72 72 79 2c 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 22 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 Data Ascii: 604<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 10 Mar 2025 13:09:56 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Fri, 12 Jan 2024 07:09:40 GMTETag: W/"49d-60eba59032da1"Content-Encoding: gzipData Raw: 32 34 62 0d 0a 1f 8b 08 00 00 00 00 00 02 03 ad 53 4d 73 da 30 10 bd e7 57 6c 9d b3 11 86 7c 21 8c 67 52 4c a6 9d 49 52 a6 38 93 f6 28 ec 05 6b 2a cb ae b5 c1 d0 4c ff 7b e5 0f 02 99 b6 e9 a5 f2 c1 d2 ee db f7 9e 34 bb fe bb f0 d3 34 fa 3a 9f 41 4a 99 82 f9 c3 fb db 8f 53 70 5c c6 1e 87 53 c6 c2 28 84 2f 1f a2 bb 5b f0 7a 7d 58 50 29 63 62 6c 76 ef 80 93 12 15 9c b1 aa aa 7a d5 b0 97 97 6b 16 7d 66 db 9a c5 ab cb ba ad 6b 9a 9a 5e 42 89 13 9c f8 8d c8 36 53 da 4c fe 40 e0 8d 46 a3 b6 ce a9 41 5c 09 bd 9e 38 a8 1d 78 d9 05 7e 8a 22 09 4e c0 2e 9f 24 29 0c 1e 71 69 24 21 2c 9e 4c 81 3a c1 c4 67 6d a2 05 65 48 02 6a 2d 17 bf 3f c9 cd c4 99 e6 9a 50 93 1b ed 0a 74 20 6e 4f 13 87 70 4b ac d6 1e 43 9c 8a d2 20 4d 1e a2 1b f7 ca 61 c7 44 5a 64 38 71 12 34 71 29 0b 92 b9 3e 62 88 52 69 a0 ea dc a4 c2 c0 12 51 83 d9 db ea bd 30 19 da 29 04 b2 fa 9d 6c 6c 8c d3 e6 ea b5 cc 93 1d 3c af 2c ad 6b e4 0f e4 de 59 b1 b5 a6 72 95 97 fc f4 b2 59 63 68 d2 2b 91 49 b5 e3 a2 94 c2 da ae a9 5c a1 e4 5a f3 d8 1a c2 72 fc f3 85 33 f5 8e 19 af 8e 19 47 a3 eb cb eb 9b 31 64 a2 5c 4b cd e1 b2 5f 6c a1 5f 7f c7 f5 03 78 6e f1 70 1a ce 2e a6 e7 e1 6b 0b d0 79 38 68 c0 a0 5f 8b 34 81 0a e5 3a 25 6e 6f a6 92 31 28 24 6b ce 35 85 88 a5 5e 73 70 bd 1a b8 97 f7 ce 1b f9 81 fd 1d e9 17 f0 5c c9 84 52 3e 6c 69 7f bf 6b 47 e0 2a 5c 11 17 4f 94 8f bb 40 d9 68 37 91 3d 86 f2 82 c3 b0 be e7 41 21 91 9b ff a2 71 60 14 5c 49 fd ed f0 6e c3 b3 f3 e1 c5 f5 2b c0 46 d6 cd 92 bc 89 11 31 c9 0d be 09 49 f3 0d 96 7f 41 f8 ac 69 37 3b 7c ac 1d 1d bf ee af ae 13 53 2f 58 3c 2c e6 b3 fb 70 16 da bc b7 0f 0f 82 7f 35 b3 45 0f 3a b4 7d b9 43 f3 ce 15 0a 83 cd 50 58 e3 40 a9 6d 74 8c 53 2d 63 a1 6c 79 51 e4 25 41 82 85 28 29 b3 8f da eb 3c 36 1c 3e 6b ad f9 cd 1c 06 27 bf 00 dc 27 15 ee 9d 04 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 24bSMs0Wl|!gRLIR8(k*L{44:AJSp\S(/[z}XP)cblvzk}fk^B6SL@FA\8x~"N.$)qi$!,L:gmeHj-?Pt nOpKC MaDZd8q4q)>bRiQ0)ll<,kYrYch+I\Zr3G1d\K_l_xnp.ky8h_4:%no1($k5^sp\R>likG*\O@h7=A!q`\In+F1IAi7;|S/X<,p5E:}CPX@mtS-clyQ%A()<6>k''0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 10 Mar 2025 13:09:58 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Fri, 12 Jan 2024 07:09:40 GMTETag: W/"49d-60eba59032da1"Content-Encoding: gzipData Raw: 32 34 62 0d 0a 1f 8b 08 00 00 00 00 00 02 03 ad 53 4d 73 da 30 10 bd e7 57 6c 9d b3 11 86 7c 21 8c 67 52 4c a6 9d 49 52 a6 38 93 f6 28 ec 05 6b 2a cb ae b5 c1 d0 4c ff 7b e5 0f 02 99 b6 e9 a5 f2 c1 d2 ee db f7 9e 34 bb fe bb f0 d3 34 fa 3a 9f 41 4a 99 82 f9 c3 fb db 8f 53 70 5c c6 1e 87 53 c6 c2 28 84 2f 1f a2 bb 5b f0 7a 7d 58 50 29 63 62 6c 76 ef 80 93 12 15 9c b1 aa aa 7a d5 b0 97 97 6b 16 7d 66 db 9a c5 ab cb ba ad 6b 9a 9a 5e 42 89 13 9c f8 8d c8 36 53 da 4c fe 40 e0 8d 46 a3 b6 ce a9 41 5c 09 bd 9e 38 a8 1d 78 d9 05 7e 8a 22 09 4e c0 2e 9f 24 29 0c 1e 71 69 24 21 2c 9e 4c 81 3a c1 c4 67 6d a2 05 65 48 02 6a 2d 17 bf 3f c9 cd c4 99 e6 9a 50 93 1b ed 0a 74 20 6e 4f 13 87 70 4b ac d6 1e 43 9c 8a d2 20 4d 1e a2 1b f7 ca 61 c7 44 5a 64 38 71 12 34 71 29 0b 92 b9 3e 62 88 52 69 a0 ea dc a4 c2 c0 12 51 83 d9 db ea bd 30 19 da 29 04 b2 fa 9d 6c 6c 8c d3 e6 ea b5 cc 93 1d 3c af 2c ad 6b e4 0f e4 de 59 b1 b5 a6 72 95 97 fc f4 b2 59 63 68 d2 2b 91 49 b5 e3 a2 94 c2 da ae a9 5c a1 e4 5a f3 d8 1a c2 72 fc f3 85 33 f5 8e 19 af 8e 19 47 a3 eb cb eb 9b 31 64 a2 5c 4b cd e1 b2 5f 6c a1 5f 7f c7 f5 03 78 6e f1 70 1a ce 2e a6 e7 e1 6b 0b d0 79 38 68 c0 a0 5f 8b 34 81 0a e5 3a 25 6e 6f a6 92 31 28 24 6b ce 35 85 88 a5 5e 73 70 bd 1a b8 97 f7 ce 1b f9 81 fd 1d e9 17 f0 5c c9 84 52 3e 6c 69 7f bf 6b 47 e0 2a 5c 11 17 4f 94 8f bb 40 d9 68 37 91 3d 86 f2 82 c3 b0 be e7 41 21 91 9b ff a2 71 60 14 5c 49 fd ed f0 6e c3 b3 f3 e1 c5 f5 2b c0 46 d6 cd 92 bc 89 11 31 c9 0d be 09 49 f3 0d 96 7f 41 f8 ac 69 37 3b 7c ac 1d 1d bf ee af ae 13 53 2f 58 3c 2c e6 b3 fb 70 16 da bc b7 0f 0f 82 7f 35 b3 45 0f 3a b4 7d b9 43 f3 ce 15 0a 83 cd 50 58 e3 40 a9 6d 74 8c 53 2d 63 a1 6c 79 51 e4 25 41 82 85 28 29 b3 8f da eb 3c 36 1c 3e 6b ad f9 cd 1c 06 27 bf 00 dc 27 15 ee 9d 04 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 24bSMs0Wl|!gRLIR8(k*L{44:AJSp\S(/[z}XP)cblvzk}fk^B6SL@FA\8x~"N.$)qi$!,L:gmeHj-?Pt nOpKC MaDZd8q4q)>bRiQ0)ll<,kYrYch+I\Zr3G1d\K_l_xnp.ky8h_4:%no1($k5^sp\R>likG*\O@h7=A!q`\In+F1IAi7;|S/X<,p5E:}CPX@mtS-clyQ%A()<6>k''0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 10 Mar 2025 13:10:01 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Fri, 12 Jan 2024 07:09:40 GMTETag: W/"49d-60eba59032da1"Content-Encoding: gzipData Raw: 32 34 62 0d 0a 1f 8b 08 00 00 00 00 00 02 03 ad 53 4d 73 da 30 10 bd e7 57 6c 9d b3 11 86 7c 21 8c 67 52 4c a6 9d 49 52 a6 38 93 f6 28 ec 05 6b 2a cb ae b5 c1 d0 4c ff 7b e5 0f 02 99 b6 e9 a5 f2 c1 d2 ee db f7 9e 34 bb fe bb f0 d3 34 fa 3a 9f 41 4a 99 82 f9 c3 fb db 8f 53 70 5c c6 1e 87 53 c6 c2 28 84 2f 1f a2 bb 5b f0 7a 7d 58 50 29 63 62 6c 76 ef 80 93 12 15 9c b1 aa aa 7a d5 b0 97 97 6b 16 7d 66 db 9a c5 ab cb ba ad 6b 9a 9a 5e 42 89 13 9c f8 8d c8 36 53 da 4c fe 40 e0 8d 46 a3 b6 ce a9 41 5c 09 bd 9e 38 a8 1d 78 d9 05 7e 8a 22 09 4e c0 2e 9f 24 29 0c 1e 71 69 24 21 2c 9e 4c 81 3a c1 c4 67 6d a2 05 65 48 02 6a 2d 17 bf 3f c9 cd c4 99 e6 9a 50 93 1b ed 0a 74 20 6e 4f 13 87 70 4b ac d6 1e 43 9c 8a d2 20 4d 1e a2 1b f7 ca 61 c7 44 5a 64 38 71 12 34 71 29 0b 92 b9 3e 62 88 52 69 a0 ea dc a4 c2 c0 12 51 83 d9 db ea bd 30 19 da 29 04 b2 fa 9d 6c 6c 8c d3 e6 ea b5 cc 93 1d 3c af 2c ad 6b e4 0f e4 de 59 b1 b5 a6 72 95 97 fc f4 b2 59 63 68 d2 2b 91 49 b5 e3 a2 94 c2 da ae a9 5c a1 e4 5a f3 d8 1a c2 72 fc f3 85 33 f5 8e 19 af 8e 19 47 a3 eb cb eb 9b 31 64 a2 5c 4b cd e1 b2 5f 6c a1 5f 7f c7 f5 03 78 6e f1 70 1a ce 2e a6 e7 e1 6b 0b d0 79 38 68 c0 a0 5f 8b 34 81 0a e5 3a 25 6e 6f a6 92 31 28 24 6b ce 35 85 88 a5 5e 73 70 bd 1a b8 97 f7 ce 1b f9 81 fd 1d e9 17 f0 5c c9 84 52 3e 6c 69 7f bf 6b 47 e0 2a 5c 11 17 4f 94 8f bb 40 d9 68 37 91 3d 86 f2 82 c3 b0 be e7 41 21 91 9b ff a2 71 60 14 5c 49 fd ed f0 6e c3 b3 f3 e1 c5 f5 2b c0 46 d6 cd 92 bc 89 11 31 c9 0d be 09 49 f3 0d 96 7f 41 f8 ac 69 37 3b 7c ac 1d 1d bf ee af ae 13 53 2f 58 3c 2c e6 b3 fb 70 16 da bc b7 0f 0f 82 7f 35 b3 45 0f 3a b4 7d b9 43 f3 ce 15 0a 83 cd 50 58 e3 40 a9 6d 74 8c 53 2d 63 a1 6c 79 51 e4 25 41 82 85 28 29 b3 8f da eb 3c 36 1c 3e 6b ad f9 cd 1c 06 27 bf 00 dc 27 15 ee 9d 04 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 24bSMs0Wl|!gRLIR8(k*L{44:AJSp\S(/[z}XP)cblvzk}fk^B6SL@FA\8x~"N.$)qi$!,L:gmeHj-?Pt nOpKC MaDZd8q4q)>bRiQ0)ll<,kYrYch+I\Zr3G1d\K_l_xnp.ky8h_4:%no1($k5^sp\R>likG*\O@h7=A!q`\In+F1IAi7;|S/X<,p5E:}CPX@mtS-clyQ%A()<6>k''0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 10 Mar 2025 13:10:04 GMTContent-Type: text/html; charset=UTF-8Content-Length: 1181Connection: closeVary: Accept-EncodingLast-Modified: Fri, 12 Jan 2024 07:09:40 GMTETag: "49d-60eba59032da1"Accept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 57 65 62 73 69 74 65 20 53 75 73 70 65 6e 64 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 77 65 62 73 69 74 65 20 68 61 73 20 62 65 65 6e 20 73 75 73 70 65 6e 64 65 64 2e 22 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 20 63 6f 6c 6f 72 3a 23 37 37 37 37 37 37 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 7d 0a 20 20 20 20 20 20 20 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 38 34 70 78 3b 20 63 6f 6c 6f 72 3a 23 39 39 41 37 41 46 3b 20 6d 61 72 67 69 6e 3a 20 37 30 70 78 20 30 20 30 20 30 3b 7d 0a 20 20 20 20 20 20 20 20 68 32 20 7b 63 6f 6c 6f 72 3a 20 23 44 45 36 43 35 44 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 61 72 69 61 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 20 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 31 70 78 3b 20 6d 61 72 67 69 6e 3a 20 31 35 70 78 20 30 20 32 35 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 70 20 7b 77 69 64 74 68 3a 33 32 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 3b 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 20 7d 0a 20 20 20 20 20 20 20 20 64 69 76 20 7b 77 69 64 74 68 3a 33 32 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 3b 7d 0a 20 20 20 20 20 20 20 20 61 3a 6c 69 6e 6b 20 7b 63 6f 6c 6f 72 3a 20 23 33 34 35 33 36 41 3b 7d 0a 20 20 20 20 20 20 20 20 61 3a 76 69 73 69 74 65 64 20 7b 63
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 10 Mar 2025 13:10:09 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 10 Mar 2025 13:10:12 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 10 Mar 2025 13:10:14 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 10 Mar 2025 13:10:17 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Mon, 10 Mar 2025 13:11:30 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Mon, 10 Mar 2025 13:11:32 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Mon, 10 Mar 2025 13:11:35 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Mon, 10 Mar 2025 13:11:38 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://digi-searches.com/Dialis.cfm?fp=rqH%2F7QYwcrVUrhErClF6vqpVmobftKznsjjNu2jgo4sZGVMx%2BUQYeMHhp
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://digi-searches.com/Fethiye%2C_Calis.cfm?fp=rqH%2F7QYwcrVUrhErClF6vqpVmobftKznsjjNu2jgo4sZGVMx%
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://digi-searches.com/Los_Calis.cfm?fp=rqH%2F7QYwcrVUrhErClF6vqpVmobftKznsjjNu2jgo4sZGVMx%2BUQYeM
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://digi-searches.com/South_America_Travel_Packages.cfm?fp=rqH%2F7QYwcrVUrhErClF6vqpVmobftKznsjjN
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://digi-searches.com/Travel_Service_International.cfm?fp=rqH%2F7QYwcrVUrhErClF6vqpVmobftKznsjjNu
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/js/min.js?v2.3
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpg
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/pics/28903/search.png)
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/pics/28905/arrrow.png)
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/pics/29590/bg1.png)
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i4.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpg
                Source: L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.00000000032EE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://ibm-p8-kvm-03-guest-02.virt.pnr.lab.eng.rdu2.redhat.com/
                Source: ulQGCeP6wq.exeString found in binary or memory: http://tempuri.org/DataSet1.xsd
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.Calimade.net
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.calimade.net/__media__/design/underconstructionnotice.php?d=calimade.net
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3455694643.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.calimade.net/__media__/js/trademark.php?d=calimade.net&type=ns
                Source: L2mAf1MzZG7.exe, 0000000E.00000002.3454308235.0000000004BC3000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.mayaheenterprise.shop
                Source: L2mAf1MzZG7.exe, 0000000E.00000002.3454308235.0000000004BC3000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.mayaheenterprise.shop/u9p8/
                Source: wiaacmgr.exe, 0000000D.00000003.1569787270.0000000007E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org?q=
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.consentmanager.net
                Source: wiaacmgr.exe, 0000000D.00000003.1569787270.0000000007E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.00000000061E4000.00000004.10000000.00040000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.00000000037A4000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
                Source: wiaacmgr.exe, 0000000D.00000003.1569787270.0000000007E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: wiaacmgr.exe, 0000000D.00000003.1569787270.0000000007E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: wiaacmgr.exe, 0000000D.00000002.3453795151.000000000669A000.00000004.10000000.00040000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://delivery.consentmanager.net
                Source: L2mAf1MzZG7.exe, 0000000E.00000002.3452561185.0000000003C5A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://dts.gnpge.com
                Source: wiaacmgr.exe, 0000000D.00000003.1569787270.0000000007E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: wiaacmgr.exe, 0000000D.00000003.1569787270.0000000007E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabv20
                Source: wiaacmgr.exe, 0000000D.00000003.1569787270.0000000007E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: wiaacmgr.exe, 0000000D.00000003.1569787270.0000000007E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
                Source: wiaacmgr.exe, 0000000D.00000002.3451033841.0000000002E0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: wiaacmgr.exe, 0000000D.00000002.3451033841.0000000002E2D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: wiaacmgr.exe, 0000000D.00000003.1564038662.0000000007E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
                Source: wiaacmgr.exe, 0000000D.00000002.3451033841.0000000002E0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: wiaacmgr.exe, 0000000D.00000002.3451033841.0000000002E0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: wiaacmgr.exe, 0000000D.00000002.3451033841.0000000002E0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: wiaacmgr.exe, 0000000D.00000002.3451033841.0000000002E2D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: wiaacmgr.exe, 0000000D.00000003.1569787270.0000000007E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/v20w
                Source: wiaacmgr.exe, 0000000D.00000003.1569787270.0000000007E68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico

                E-Banking Fraud

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 3.2.ulQGCeP6wq.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.ulQGCeP6wq.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000003.00000002.1368864211.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000002.3454308235.0000000004B60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3452631025.00000000048F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3450449095.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1369494752.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3452552887.00000000048A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.3452182714.0000000003490000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1372021275.0000000001E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0042D093 NtClose,3_2_0042D093
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142B60 NtClose,LdrInitializeThunk,3_2_01142B60
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01142DF0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01142C70
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011435C0 NtCreateMutant,LdrInitializeThunk,3_2_011435C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01144340 NtSetContextThread,3_2_01144340
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01144650 NtSuspendThread,3_2_01144650
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142B80 NtQueryInformationFile,3_2_01142B80
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142BA0 NtEnumerateValueKey,3_2_01142BA0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142BF0 NtAllocateVirtualMemory,3_2_01142BF0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142BE0 NtQueryValueKey,3_2_01142BE0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142AB0 NtWaitForSingleObject,3_2_01142AB0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142AD0 NtReadFile,3_2_01142AD0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142AF0 NtWriteFile,3_2_01142AF0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142D10 NtMapViewOfSection,3_2_01142D10
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142D00 NtSetInformationFile,3_2_01142D00
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142D30 NtUnmapViewOfSection,3_2_01142D30
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142DB0 NtEnumerateKey,3_2_01142DB0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142DD0 NtDelayExecution,3_2_01142DD0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142C00 NtQueryInformationProcess,3_2_01142C00
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142C60 NtCreateKey,3_2_01142C60
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142CA0 NtQueryInformationToken,3_2_01142CA0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142CC0 NtQueryVirtualMemory,3_2_01142CC0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142CF0 NtOpenProcess,3_2_01142CF0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142F30 NtCreateSection,3_2_01142F30
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142F60 NtCreateProcessEx,3_2_01142F60
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142F90 NtProtectVirtualMemory,3_2_01142F90
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142FB0 NtResumeThread,3_2_01142FB0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142FA0 NtQuerySection,3_2_01142FA0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142FE0 NtCreateFile,3_2_01142FE0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142E30 NtWriteVirtualMemory,3_2_01142E30
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142E80 NtReadVirtualMemory,3_2_01142E80
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142EA0 NtAdjustPrivilegesToken,3_2_01142EA0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142EE0 NtQueueApcThread,3_2_01142EE0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01143010 NtOpenDirectoryObject,3_2_01143010
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01143090 NtSetValueKey,3_2_01143090
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011439B0 NtGetContextThread,3_2_011439B0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01143D10 NtOpenProcessToken,3_2_01143D10
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01143D70 NtOpenThread,3_2_01143D70
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB4650 NtSuspendThread,LdrInitializeThunk,13_2_04BB4650
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB4340 NtSetContextThread,LdrInitializeThunk,13_2_04BB4340
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2CA0 NtQueryInformationToken,LdrInitializeThunk,13_2_04BB2CA0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2C70 NtFreeVirtualMemory,LdrInitializeThunk,13_2_04BB2C70
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2C60 NtCreateKey,LdrInitializeThunk,13_2_04BB2C60
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2DF0 NtQuerySystemInformation,LdrInitializeThunk,13_2_04BB2DF0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2DD0 NtDelayExecution,LdrInitializeThunk,13_2_04BB2DD0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2D30 NtUnmapViewOfSection,LdrInitializeThunk,13_2_04BB2D30
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2D10 NtMapViewOfSection,LdrInitializeThunk,13_2_04BB2D10
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2E80 NtReadVirtualMemory,LdrInitializeThunk,13_2_04BB2E80
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2EE0 NtQueueApcThread,LdrInitializeThunk,13_2_04BB2EE0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2FB0 NtResumeThread,LdrInitializeThunk,13_2_04BB2FB0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2FE0 NtCreateFile,LdrInitializeThunk,13_2_04BB2FE0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2F30 NtCreateSection,LdrInitializeThunk,13_2_04BB2F30
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2AF0 NtWriteFile,LdrInitializeThunk,13_2_04BB2AF0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2AD0 NtReadFile,LdrInitializeThunk,13_2_04BB2AD0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2BA0 NtEnumerateValueKey,LdrInitializeThunk,13_2_04BB2BA0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,13_2_04BB2BF0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2BE0 NtQueryValueKey,LdrInitializeThunk,13_2_04BB2BE0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2B60 NtClose,LdrInitializeThunk,13_2_04BB2B60
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB35C0 NtCreateMutant,LdrInitializeThunk,13_2_04BB35C0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB39B0 NtGetContextThread,LdrInitializeThunk,13_2_04BB39B0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2CF0 NtOpenProcess,13_2_04BB2CF0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2CC0 NtQueryVirtualMemory,13_2_04BB2CC0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2C00 NtQueryInformationProcess,13_2_04BB2C00
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2DB0 NtEnumerateKey,13_2_04BB2DB0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2D00 NtSetInformationFile,13_2_04BB2D00
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2EA0 NtAdjustPrivilegesToken,13_2_04BB2EA0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2E30 NtWriteVirtualMemory,13_2_04BB2E30
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2FA0 NtQuerySection,13_2_04BB2FA0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2F90 NtProtectVirtualMemory,13_2_04BB2F90
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2F60 NtCreateProcessEx,13_2_04BB2F60
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2AB0 NtWaitForSingleObject,13_2_04BB2AB0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB2B80 NtQueryInformationFile,13_2_04BB2B80
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB3090 NtSetValueKey,13_2_04BB3090
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB3010 NtOpenDirectoryObject,13_2_04BB3010
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB3D10 NtOpenProcessToken,13_2_04BB3D10
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB3D70 NtOpenThread,13_2_04BB3D70
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A79B40 NtReadFile,13_2_02A79B40
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A799D0 NtCreateFile,13_2_02A799D0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A79E30 NtAllocateVirtualMemory,13_2_02A79E30
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A79CD0 NtClose,13_2_02A79CD0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A79C30 NtDeleteFile,13_2_02A79C30
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 1_2_026F3E401_2_026F3E40
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 1_2_026F6F931_2_026F6F93
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 1_2_026FDE6C1_2_026FDE6C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 1_2_0539BF2D1_2_0539BF2D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 1_2_06F497881_2_06F49788
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 1_2_06F4AE601_2_06F4AE60
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 1_2_06F48F181_2_06F48F18
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 1_2_06F4AA281_2_06F4AA28
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_00418FB33_2_00418FB3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_004031403_2_00403140
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0040E9633_2_0040E963
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_004109833_2_00410983
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_004171A33_2_004171A3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0040EAA73_2_0040EAA7
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0040EAB33_2_0040EAB3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0040EB953_2_0040EB95
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_00402C5A3_2_00402C5A
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_00402C603_2_00402C60
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_004025403_2_00402540
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0040253E3_2_0040253E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0042F6833_2_0042F683
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0041075A3_2_0041075A
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_004107633_2_00410763
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AA1183_2_011AA118
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011001003_2_01100100
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011981583_2_01198158
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011D01AA3_2_011D01AA
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C41A23_2_011C41A2
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C81CC3_2_011C81CC
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A20003_2_011A2000
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CA3523_2_011CA352
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111E3F03_2_0111E3F0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011D03E63_2_011D03E6
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B02743_2_011B0274
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011902C03_2_011902C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011105353_2_01110535
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011D05913_2_011D0591
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B44203_2_011B4420
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C24463_2_011C2446
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011BE4F63_2_011BE4F6
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011347503_2_01134750
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011107703_2_01110770
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110C7C03_2_0110C7C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112C6E03_2_0112C6E0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011269623_2_01126962
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011129A03_2_011129A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011DA9A63_2_011DA9A6
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111A8403_2_0111A840
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011128403_2_01112840
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010F68B83_2_010F68B8
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113E8F03_2_0113E8F0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CAB403_2_011CAB40
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C6BD73_2_011C6BD7
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110EA803_2_0110EA80
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011ACD1F3_2_011ACD1F
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111AD003_2_0111AD00
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01128DBF3_2_01128DBF
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110ADE03_2_0110ADE0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110C003_2_01110C00
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B0CB53_2_011B0CB5
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01100CF23_2_01100CF2
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01130F303_2_01130F30
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B2F303_2_011B2F30
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01152F283_2_01152F28
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01184F403_2_01184F40
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118EFA03_2_0118EFA0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01102FC83_2_01102FC8
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111CFE03_2_0111CFE0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CEE263_2_011CEE26
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110E593_2_01110E59
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01122E903_2_01122E90
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CCE933_2_011CCE93
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CEEDB3_2_011CEEDB
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011DB16B3_2_011DB16B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0114516C3_2_0114516C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FF1723_2_010FF172
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111B1B03_2_0111B1B0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011170C03_2_011170C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011BF0CC3_2_011BF0CC
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C70E93_2_011C70E9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CF0E03_2_011CF0E0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C132D3_2_011C132D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FD34C3_2_010FD34C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0115739A3_2_0115739A
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011152A03_2_011152A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112B2C03_2_0112B2C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B12ED3_2_011B12ED
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C75713_2_011C7571
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AD5B03_2_011AD5B0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CF43F3_2_011CF43F
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011014603_2_01101460
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CF7B03_2_011CF7B0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C16CC3_2_011C16CC
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A59103_2_011A5910
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011199503_2_01119950
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112B9503_2_0112B950
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117D8003_2_0117D800
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011138E03_2_011138E0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CFB763_2_011CFB76
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112FB803_2_0112FB80
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01185BF03_2_01185BF0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0114DBF93_2_0114DBF9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CFA493_2_011CFA49
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C7A463_2_011C7A46
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01183A6C3_2_01183A6C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01155AA03_2_01155AA0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011ADAAC3_2_011ADAAC
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B1AA33_2_011B1AA3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011BDAC63_2_011BDAC6
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C1D5A3_2_011C1D5A
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01113D403_2_01113D40
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C7D733_2_011C7D73
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112FDC03_2_0112FDC0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01189C323_2_01189C32
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CFCF23_2_011CFCF2
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CFF093_2_011CFF09
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01111F923_2_01111F92
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CFFB13_2_011CFFB1
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01119EB03_2_01119EB0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C2E4F613_2_04C2E4F6
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3244613_2_04C32446
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C2442013_2_04C24420
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C4059113_2_04C40591
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B8053513_2_04B80535
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B9C6E013_2_04B9C6E0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B7C7C013_2_04B7C7C0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B8077013_2_04B80770
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BA475013_2_04BA4750
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C1200013_2_04C12000
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C381CC13_2_04C381CC
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C401AA13_2_04C401AA
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C0815813_2_04C08158
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B7010013_2_04B70100
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C1A11813_2_04C1A118
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C002C013_2_04C002C0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C2027413_2_04C20274
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C403E613_2_04C403E6
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B8E3F013_2_04B8E3F0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3A35213_2_04C3A352
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B70CF213_2_04B70CF2
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C20CB513_2_04C20CB5
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B80C0013_2_04B80C00
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B98DBF13_2_04B98DBF
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B7ADE013_2_04B7ADE0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B8AD0013_2_04B8AD00
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C1CD1F13_2_04C1CD1F
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3EEDB13_2_04C3EEDB
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B92E9013_2_04B92E90
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3CE9313_2_04C3CE93
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B80E5913_2_04B80E59
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3EE2613_2_04C3EE26
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BFEFA013_2_04BFEFA0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B8CFE013_2_04B8CFE0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B72FC813_2_04B72FC8
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BA0F3013_2_04BA0F30
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BC2F2813_2_04BC2F28
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C22F3013_2_04C22F30
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BF4F4013_2_04BF4F40
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B668B813_2_04B668B8
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BAE8F013_2_04BAE8F0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B8284013_2_04B82840
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B8A84013_2_04B8A840
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B829A013_2_04B829A0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C4A9A613_2_04C4A9A6
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B9696213_2_04B96962
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B7EA8013_2_04B7EA80
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C36BD713_2_04C36BD7
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3AB4013_2_04C3AB40
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B7146013_2_04B71460
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3F43F13_2_04C3F43F
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C1D5B013_2_04C1D5B0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3757113_2_04C37571
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C316CC13_2_04C316CC
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3F7B013_2_04C3F7B0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C2F0CC13_2_04C2F0CC
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3F0E013_2_04C3F0E0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C370E913_2_04C370E9
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B870C013_2_04B870C0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B8B1B013_2_04B8B1B0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C4B16B13_2_04C4B16B
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B6F17213_2_04B6F172
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BB516C13_2_04BB516C
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B852A013_2_04B852A0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C212ED13_2_04C212ED
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B9B2C013_2_04B9B2C0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BC739A13_2_04BC739A
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3132D13_2_04C3132D
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B6D34C13_2_04B6D34C
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3FCF213_2_04C3FCF2
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BF9C3213_2_04BF9C32
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B9FDC013_2_04B9FDC0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C31D5A13_2_04C31D5A
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C37D7313_2_04C37D73
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B83D4013_2_04B83D40
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B89EB013_2_04B89EB0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B81F9213_2_04B81F92
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3FFB113_2_04C3FFB1
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3FF0913_2_04C3FF09
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B838E013_2_04B838E0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BED80013_2_04BED800
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C1591013_2_04C15910
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B8995013_2_04B89950
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B9B95013_2_04B9B950
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C2DAC613_2_04C2DAC6
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BC5AA013_2_04BC5AA0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C21AA313_2_04C21AA3
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C1DAAC13_2_04C1DAAC
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C37A4613_2_04C37A46
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3FA4913_2_04C3FA49
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BF3A6C13_2_04BF3A6C
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B9FB8013_2_04B9FB80
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BBDBF913_2_04BBDBF9
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04BF5BF013_2_04BF5BF0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04C3FB7613_2_04C3FB76
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A6255013_2_02A62550
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A7C2C013_2_02A7C2C0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A5D3A013_2_02A5D3A0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A5D39713_2_02A5D397
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A5B6E413_2_02A5B6E4
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A5B6F013_2_02A5B6F0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A5B7D213_2_02A5B7D2
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A5B5A013_2_02A5B5A0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A5D5C013_2_02A5D5C0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A65BF013_2_02A65BF0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A63DE013_2_02A63DE0
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_049EE4D313_2_049EE4D3
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_049EE3B413_2_049EE3B4
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_049EE87313_2_049EE873
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_049ED93813_2_049ED938
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: String function: 01145130 appears 58 times
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: String function: 0117EA12 appears 86 times
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: String function: 010FB970 appears 280 times
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: String function: 01157E54 appears 102 times
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: String function: 0118F290 appears 105 times
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: String function: 04BEEA12 appears 86 times
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: String function: 04B6B970 appears 280 times
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: String function: 04BB5130 appears 58 times
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: String function: 04BFF290 appears 105 times
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: String function: 04BC7E54 appears 102 times
                Source: ulQGCeP6wq.exe, 00000001.00000000.990695367.0000000000522000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNstr.exeB vs ulQGCeP6wq.exe
                Source: ulQGCeP6wq.exe, 00000001.00000002.1030759908.0000000006F80000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs ulQGCeP6wq.exe
                Source: ulQGCeP6wq.exe, 00000001.00000002.1028236464.00000000038D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs ulQGCeP6wq.exe
                Source: ulQGCeP6wq.exe, 00000001.00000002.1027093118.000000000291B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTL.dll" vs ulQGCeP6wq.exe
                Source: ulQGCeP6wq.exe, 00000001.00000002.1026387546.0000000000A3E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs ulQGCeP6wq.exe
                Source: ulQGCeP6wq.exe, 00000001.00000002.1027093118.00000000028D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs ulQGCeP6wq.exe
                Source: ulQGCeP6wq.exe, 00000001.00000002.1030176023.0000000005270000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTL.dll" vs ulQGCeP6wq.exe
                Source: ulQGCeP6wq.exe, 00000003.00000002.1369658603.00000000011FD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs ulQGCeP6wq.exe
                Source: ulQGCeP6wq.exe, 00000003.00000002.1369185991.0000000000C77000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWIAACMGR.EXEj% vs ulQGCeP6wq.exe
                Source: ulQGCeP6wq.exeBinary or memory string: OriginalFilenameNstr.exeB vs ulQGCeP6wq.exe
                Source: ulQGCeP6wq.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: ulQGCeP6wq.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, wULDeENZLMS9NMTbHD.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, wULDeENZLMS9NMTbHD.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, wULDeENZLMS9NMTbHD.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, wULDeENZLMS9NMTbHD.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, wULDeENZLMS9NMTbHD.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, wULDeENZLMS9NMTbHD.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, wrMdch5HB7Tc50IT9T.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, wrMdch5HB7Tc50IT9T.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, wrMdch5HB7Tc50IT9T.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, wrMdch5HB7Tc50IT9T.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/2@15/9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ulQGCeP6wq.exe.logJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\wiaacmgr.exeFile created: C:\Users\user\AppData\Local\Temp\5gR5588Jump to behavior
                Source: ulQGCeP6wq.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: ulQGCeP6wq.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: wiaacmgr.exe, 0000000D.00000003.1565704016.0000000002E45000.00000004.00000020.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000003.1565859908.0000000002E65000.00000004.00000020.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000003.1568639741.0000000002E73000.00000004.00000020.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3451033841.0000000002E96000.00000004.00000020.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3451033841.0000000002E65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: ulQGCeP6wq.exeVirustotal: Detection: 83%
                Source: ulQGCeP6wq.exeReversingLabs: Detection: 76%
                Source: unknownProcess created: C:\Users\user\Desktop\ulQGCeP6wq.exe "C:\Users\user\Desktop\ulQGCeP6wq.exe"
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess created: C:\Users\user\Desktop\ulQGCeP6wq.exe "C:\Users\user\Desktop\ulQGCeP6wq.exe"
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess created: C:\Users\user\Desktop\ulQGCeP6wq.exe "C:\Users\user\Desktop\ulQGCeP6wq.exe"
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeProcess created: C:\Windows\SysWOW64\wiaacmgr.exe "C:\Windows\SysWOW64\wiaacmgr.exe"
                Source: C:\Windows\SysWOW64\wiaacmgr.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess created: C:\Users\user\Desktop\ulQGCeP6wq.exe "C:\Users\user\Desktop\ulQGCeP6wq.exe"Jump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess created: C:\Users\user\Desktop\ulQGCeP6wq.exe "C:\Users\user\Desktop\ulQGCeP6wq.exe"Jump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeProcess created: C:\Windows\SysWOW64\wiaacmgr.exe "C:\Windows\SysWOW64\wiaacmgr.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: riched20.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: usp10.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: msls31.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: scansetting.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: mfc42u.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: msimg32.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: ulQGCeP6wq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: ulQGCeP6wq.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: ulQGCeP6wq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: Nstr.pdbSHA2562 source: ulQGCeP6wq.exe
                Source: Binary string: wntdll.pdbUGP source: ulQGCeP6wq.exe, 00000003.00000002.1369658603.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000003.1371610995.0000000004999000.00000004.00000020.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000003.1369193620.00000000047E1000.00000004.00000020.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3453029492.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3453029492.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: ulQGCeP6wq.exe, ulQGCeP6wq.exe, 00000003.00000002.1369658603.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, wiaacmgr.exe, wiaacmgr.exe, 0000000D.00000003.1371610995.0000000004999000.00000004.00000020.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000003.1369193620.00000000047E1000.00000004.00000020.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3453029492.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, wiaacmgr.exe, 0000000D.00000002.3453029492.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: Nstr.pdb source: ulQGCeP6wq.exe
                Source: Binary string: wiaacmgr.pdbGCTL source: ulQGCeP6wq.exe, 00000003.00000002.1369185991.0000000000C77000.00000004.00000020.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000C.00000002.3451074870.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wiaacmgr.pdb source: ulQGCeP6wq.exe, 00000003.00000002.1369185991.0000000000C77000.00000004.00000020.00020000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000C.00000002.3451074870.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: L2mAf1MzZG7.exe, 0000000C.00000000.1292134237.000000000054F000.00000002.00000001.01000000.0000000C.sdmp, L2mAf1MzZG7.exe, 0000000E.00000000.1446105198.000000000054F000.00000002.00000001.01000000.0000000C.sdmp

                Data Obfuscation

                barindex
                .NET source code contains potential unpacker
                Source: ulQGCeP6wq.exe, Form3.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, wULDeENZLMS9NMTbHD.cs.Net Code: kqQCPvdsKv System.Reflection.Assembly.Load(byte[])
                Source: 1.2.ulQGCeP6wq.exe.294a118.0.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
                Source: 1.2.ulQGCeP6wq.exe.5270000.4.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, wULDeENZLMS9NMTbHD.cs.Net Code: kqQCPvdsKv System.Reflection.Assembly.Load(byte[])
                Source: 13.2.wiaacmgr.exe.516cd14.2.raw.unpack, Form3.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 14.2.L2mAf1MzZG7.exe.272cd14.1.raw.unpack, Form3.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 14.0.L2mAf1MzZG7.exe.272cd14.1.raw.unpack, Form3.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 15.2.firefox.exe.328bcd14.0.raw.unpack, Form3.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: ulQGCeP6wq.exeStatic PE information: 0xCCBC764F [Sat Nov 5 19:45:19 2078 UTC]
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 1_2_0539E4AB pushad ; retf 1_2_0539E4B1
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 1_2_0539F3F1 push 5DFFFFEDh; ret 1_2_0539F409
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 1_2_06F4FA4D push FFFFFF8Bh; iretd 1_2_06F4FA4F
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 1_2_06F479D2 push esp; retf 1_2_06F479D9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_00414D77 push ecx; retn FC8Ch3_2_00414DC1
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_00414114 push ss; iretd 3_2_00414115
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_00418A7B push ds; ret 3_2_00418A7C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_004122C8 push edx; retf 3_2_004122C9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_004122BE push edi; ret 3_2_004122BF
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_004033C0 push eax; ret 3_2_004033C2
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_00416413 push 00000048h; iretd 3_2_00416556
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0041B483 pushad ; retf 3_2_0041B4A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_00417CA3 push ebx; retf 3_2_00417CA4
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_00424643 push esi; retf 3_2_0042464E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_00401F83 pushad ; iretd 3_2_00401F84
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011009AD push ecx; mov dword ptr [esp], ecx3_2_011009B6
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_04B709AD push ecx; mov dword ptr [esp], ecx13_2_04B709B6
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A66481 push ds; retf F397h13_2_02A66494
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A680BC pushad ; retf 13_2_02A680DD
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A680C0 pushad ; retf 13_2_02A680DD
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A6C039 pushad ; iretd 13_2_02A6C042
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A6E1CC push edi; retf 13_2_02A6E17D
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A6E169 push edi; retf 13_2_02A6E17D
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A648E0 push ebx; retf 13_2_02A648E1
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A5EEFB push edi; ret 13_2_02A5EEFC
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A5EF05 push edx; retf 13_2_02A5EF06
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A70C5A push eax; iretd 13_2_02A70C5B
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A62DE2 push 0000002Ah; retf 13_2_02A62DE4
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A60D51 push ss; iretd 13_2_02A60D52
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A71280 push esi; retf 13_2_02A7128B
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A71278 push esi; retf 13_2_02A7128B
                Source: ulQGCeP6wq.exeStatic PE information: section name: .text entropy: 7.800021022444532
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, rhY12vEBJe5xyjSaVD.csHigh entropy of concatenated method names: 'Dispose', 'PqwFtwAigc', 'uD5RTfpsTj', 'UcMyifalwf', 'WNlFeL9jvc', 'Di2FzTZlB6', 'ProcessDialogKey', 'ef6RD3Yba4', 'IpyRFQkgVE', 'CPJRRr0qSe'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, uEIIKizbZL6xt4lhbO.csHigh entropy of concatenated method names: 'X5tpoBZFFv', 'ciVp5LM6M2', 'PTCpWem2nN', 'rX9pqWmosy', 'cwQpT5GgS1', 'YV4pB7JY1C', 'l49pGpUQsH', 'qFLpSdCVxX', 'Bjfpri43bh', 'K9LpiYHKi2'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, ri2JkIKpcigWpVhmrP.csHigh entropy of concatenated method names: 'dPR9sIONpM', 'aVt910dxyr', 'WMC92N07rX', 'ToString', 'MFd9jVAWeG', 'vqH9Un6V71', 'uo5U8jBtfk4NpZgo50w', 'qLwvYABpN9Gs6FEruKf'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, EXNLokZc8TQYdBf6sC.csHigh entropy of concatenated method names: 'JcsOQIeZ3l', 'D2nOLnf4EV', 'bkHv0LvvKH', 'SR5vB0XSbw', 'eIavG67RfF', 'nKXvKPlrjU', 'xbCvJlnTbB', 'GBcvYJ1E6R', 'UVhvHPHguU', 'zqIvknMh2u'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, PMTbJOFF9VqieMN8fTj.csHigh entropy of concatenated method names: 'cnqpejnc0L', 'OqYpz1lbpc', 'frs8DQNy7w', 'XcP8FjtbE7', 'mIs8R2Gp8S', 'fqd8mkAKji', 'hFS8CVblvF', 'ohy8fQr5P3', 'm3986EZem6', 'YNZ8EVjtZD'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, f3Yba4t0pyQkgVELPJ.csHigh entropy of concatenated method names: 'SBflqWb6x2', 'UaKlTCxnkN', 'khsl0c8WNX', 'vublBN1Iwu', 'qUplGZmway', 'yVYlKQAq79', 'Ja0lJ4wABI', 'QIqlY04F3d', 'hPIlH7diAw', 'jHHlknGbf8'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, RQ9jL2FRBETJWZI5AS1.csHigh entropy of concatenated method names: 'ToString', 'o1885IkJ99', 'gBh8WAkQrX', 'tqk8ZLbRmb', 'E4u8qDqJXn', 'Cbb8TPhAcK', 'eKO8001HN9', 'DI78BHitZU', 'Jh4yn9vRyFvZUYBSkZf', 'o18dyFvVSXrxdj45OVc'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, JXVxiOvXg1hXYrWXoH.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'IdwRtZ1U7d', 'BisReJFCRC', 'Fb5RzpH33m', 'EvkmDDYEON', 'NAfmFdZXl2', 'HPdmRirHwn', 'gAZmmJPteW', 'XHN9joVyitMNj2TPH1F'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, mQBPIdRBk5sp5Qnmjl.csHigh entropy of concatenated method names: 'd9FPORWyw', 'LUn3XqL3E', 's38oALFwE', 'NdRLsOew5', 'yGuW20nME', 'EPuZjFFJ2', 'SypIlmIjaEJCL3iOm5', 'yloYY2PUJVfqDZucyh', 'Rv4MLTkbg', 'BIfpdR9jW'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, B9a7h8uOFwBYf5ljVD.csHigh entropy of concatenated method names: 'tlRa5E34J9', 'lsDaWA26F9', 'SDIaq1VreI', 'K12aTfK6xb', 'WZPaB1opZd', 'duCaGSMIJs', 'axVaJ2ZODa', 'uZJaYZdwEb', 'baFakw5yir', 'zh8ab3TUpH'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, x0qSeseLrpypP14Uit.csHigh entropy of concatenated method names: 'n6UpvTWtbx', 'o1xpOMD3yl', 'Hrmp9435Qt', 'bgSpxofM0u', 'k6cplsRQ0h', 'r0OpNL2xGn', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, wrMdch5HB7Tc50IT9T.csHigh entropy of concatenated method names: 'q27EVBRDOr', 'U3PEyJcNav', 'ekNEsTOqUK', 'dKwE19HN8h', 'rZnE2ZlMth', 'AgkEjbVYyD', 'MMHEUybaoZ', 'N5tEd29RAW', 'UjVEt6e83t', 'pUGEeV4Vc2'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, eXkock1Zfnx66HvhOK.csHigh entropy of concatenated method names: 'Ns3I4WLSuG', 'TixIwBOviW', 'ToString', 'PgoI6fVgFi', 'TuyIELQf5i', 'TKjIvoLsjC', 'z2WIOOKRtK', 'P3QI9IPOTc', 'RTiIxCvTlW', 'XfmINMJKbg'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, wULDeENZLMS9NMTbHD.csHigh entropy of concatenated method names: 'JagmfFcOAR', 'nLmm6yhVr6', 'iHXmEulIUF', 'xQcmvmp6bC', 'PS9mOTD3Mg', 'coIm9cdgsu', 'BF1mxJEQT8', 'ijImNo3pkd', 'jOSmcux6C6', 'qOTm4tgBkj'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, hZ6MfcqC7KDyU1V4H4.csHigh entropy of concatenated method names: 'slc9fbU1bu', 'erY9E4kpYH', 'Gq49O1RDrt', 'X4a9xSl7y8', 'aWU9NcSFNq', 'CVhO2nLFkq', 'nRyOjFhECV', 'aN4OUTbHSn', 'rKNOdMSbMG', 'kFIOttrJT3'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, t9jUShFCp6D7l4ksAvS.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'ewSnlrygh0', 'MLXnpBJ23g', 'ikIn8DpLjl', 'HnwnnHIuwI', 'fr6n7D6M3O', 'f0KnXdMkNy', 'iCjnS89NEF'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, WKNiKyjCQRj50YGvwN.csHigh entropy of concatenated method names: 'oCJIdLJ3TT', 'E5uIeQLVlZ', 'VgeMD0O4GL', 'P2nMFOTaAg', 'X6mIbs5GAs', 'dFPIgmAhJI', 'bWlIugjSrr', 'gD3IV6TGB3', 'VriIyPWZZf', 'SAaIs0vnVk'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, y71QDYVZGNsag8ISdS.csHigh entropy of concatenated method names: 'praAko3EoC', 'niTAgqQdDT', 'hfWAVIGMbE', 'bOOAyW8Ljb', 'BQTATp61DJ', 'bH6A0IU0dW', 'ktGABLhlTA', 'VJYAGvlnEP', 'TLlAKyuob8', 'picAJk5uTc'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, ENcYTFWYpZ7S9btVqL.csHigh entropy of concatenated method names: 'o35v3AFZUU', 'elcvoJD2qU', 'maFv51Jh57', 'vgcvW1gbTX', 'j9YvAR1rHA', 'DUBvhXAjEO', 'YATvI878Wf', 'LaTvMWwT6R', 'gMfvls84Ff', 'NxIvpaPRNd'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, EwiekBUlsgqwwAigcd.csHigh entropy of concatenated method names: 'RI9lAQIMFB', 'UtSlI1o2mQ', 'dqTllNFSrm', 'JP4l8wA2vS', 'CLXl7Zxe3S', 'naKlSkGo6C', 'Dispose', 'V7tM6Xxbku', 'cQoMEacVPj', 'UK7MvtMxNZ'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, Qm7hkuCZ7uPJ5a6ql5.csHigh entropy of concatenated method names: 'aeXFxrMdch', 'MB7FNTc50I', 'bYpF4Z7S9b', 'YVqFwL5XNL', 'If6FAsCOZ6', 'qfcFhC7KDy', 'V9yZkvjYEh6sFuCK1R', 'R9NeKJqmLo4NPCWaal', 'H6WRFMw0KIAgyxA5tP', 'wuaFFNculu'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, roox3LFDaLvP5n78K80.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'hhdpbLW7Ks', 'uxbpgBA8KJ', 'x1Gpu3w8eK', 'bMdpVExIcr', 'nBRpyEtFxZ', 'mb8pseA6X5', 'QGYp1wt6vg'
                Source: 1.2.ulQGCeP6wq.exe.3b50f48.3.raw.unpack, Jd32sZHHSgVeVOWkia.csHigh entropy of concatenated method names: 'B3txrNAoiH', 'axGxiSY856', 'gJcxPxR5Q8', 'mV1x3TVRee', 'zb0xQVymxl', 'AvLxoYl6fQ', 'DvRxLVa3FM', 'jYDx59LAIn', 'sMVxWRuPKA', 'xnGxZkaU4E'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, rhY12vEBJe5xyjSaVD.csHigh entropy of concatenated method names: 'Dispose', 'PqwFtwAigc', 'uD5RTfpsTj', 'UcMyifalwf', 'WNlFeL9jvc', 'Di2FzTZlB6', 'ProcessDialogKey', 'ef6RD3Yba4', 'IpyRFQkgVE', 'CPJRRr0qSe'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, uEIIKizbZL6xt4lhbO.csHigh entropy of concatenated method names: 'X5tpoBZFFv', 'ciVp5LM6M2', 'PTCpWem2nN', 'rX9pqWmosy', 'cwQpT5GgS1', 'YV4pB7JY1C', 'l49pGpUQsH', 'qFLpSdCVxX', 'Bjfpri43bh', 'K9LpiYHKi2'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, ri2JkIKpcigWpVhmrP.csHigh entropy of concatenated method names: 'dPR9sIONpM', 'aVt910dxyr', 'WMC92N07rX', 'ToString', 'MFd9jVAWeG', 'vqH9Un6V71', 'uo5U8jBtfk4NpZgo50w', 'qLwvYABpN9Gs6FEruKf'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, EXNLokZc8TQYdBf6sC.csHigh entropy of concatenated method names: 'JcsOQIeZ3l', 'D2nOLnf4EV', 'bkHv0LvvKH', 'SR5vB0XSbw', 'eIavG67RfF', 'nKXvKPlrjU', 'xbCvJlnTbB', 'GBcvYJ1E6R', 'UVhvHPHguU', 'zqIvknMh2u'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, PMTbJOFF9VqieMN8fTj.csHigh entropy of concatenated method names: 'cnqpejnc0L', 'OqYpz1lbpc', 'frs8DQNy7w', 'XcP8FjtbE7', 'mIs8R2Gp8S', 'fqd8mkAKji', 'hFS8CVblvF', 'ohy8fQr5P3', 'm3986EZem6', 'YNZ8EVjtZD'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, f3Yba4t0pyQkgVELPJ.csHigh entropy of concatenated method names: 'SBflqWb6x2', 'UaKlTCxnkN', 'khsl0c8WNX', 'vublBN1Iwu', 'qUplGZmway', 'yVYlKQAq79', 'Ja0lJ4wABI', 'QIqlY04F3d', 'hPIlH7diAw', 'jHHlknGbf8'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, RQ9jL2FRBETJWZI5AS1.csHigh entropy of concatenated method names: 'ToString', 'o1885IkJ99', 'gBh8WAkQrX', 'tqk8ZLbRmb', 'E4u8qDqJXn', 'Cbb8TPhAcK', 'eKO8001HN9', 'DI78BHitZU', 'Jh4yn9vRyFvZUYBSkZf', 'o18dyFvVSXrxdj45OVc'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, JXVxiOvXg1hXYrWXoH.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'IdwRtZ1U7d', 'BisReJFCRC', 'Fb5RzpH33m', 'EvkmDDYEON', 'NAfmFdZXl2', 'HPdmRirHwn', 'gAZmmJPteW', 'XHN9joVyitMNj2TPH1F'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, mQBPIdRBk5sp5Qnmjl.csHigh entropy of concatenated method names: 'd9FPORWyw', 'LUn3XqL3E', 's38oALFwE', 'NdRLsOew5', 'yGuW20nME', 'EPuZjFFJ2', 'SypIlmIjaEJCL3iOm5', 'yloYY2PUJVfqDZucyh', 'Rv4MLTkbg', 'BIfpdR9jW'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, B9a7h8uOFwBYf5ljVD.csHigh entropy of concatenated method names: 'tlRa5E34J9', 'lsDaWA26F9', 'SDIaq1VreI', 'K12aTfK6xb', 'WZPaB1opZd', 'duCaGSMIJs', 'axVaJ2ZODa', 'uZJaYZdwEb', 'baFakw5yir', 'zh8ab3TUpH'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, x0qSeseLrpypP14Uit.csHigh entropy of concatenated method names: 'n6UpvTWtbx', 'o1xpOMD3yl', 'Hrmp9435Qt', 'bgSpxofM0u', 'k6cplsRQ0h', 'r0OpNL2xGn', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, wrMdch5HB7Tc50IT9T.csHigh entropy of concatenated method names: 'q27EVBRDOr', 'U3PEyJcNav', 'ekNEsTOqUK', 'dKwE19HN8h', 'rZnE2ZlMth', 'AgkEjbVYyD', 'MMHEUybaoZ', 'N5tEd29RAW', 'UjVEt6e83t', 'pUGEeV4Vc2'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, eXkock1Zfnx66HvhOK.csHigh entropy of concatenated method names: 'Ns3I4WLSuG', 'TixIwBOviW', 'ToString', 'PgoI6fVgFi', 'TuyIELQf5i', 'TKjIvoLsjC', 'z2WIOOKRtK', 'P3QI9IPOTc', 'RTiIxCvTlW', 'XfmINMJKbg'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, wULDeENZLMS9NMTbHD.csHigh entropy of concatenated method names: 'JagmfFcOAR', 'nLmm6yhVr6', 'iHXmEulIUF', 'xQcmvmp6bC', 'PS9mOTD3Mg', 'coIm9cdgsu', 'BF1mxJEQT8', 'ijImNo3pkd', 'jOSmcux6C6', 'qOTm4tgBkj'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, hZ6MfcqC7KDyU1V4H4.csHigh entropy of concatenated method names: 'slc9fbU1bu', 'erY9E4kpYH', 'Gq49O1RDrt', 'X4a9xSl7y8', 'aWU9NcSFNq', 'CVhO2nLFkq', 'nRyOjFhECV', 'aN4OUTbHSn', 'rKNOdMSbMG', 'kFIOttrJT3'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, t9jUShFCp6D7l4ksAvS.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'ewSnlrygh0', 'MLXnpBJ23g', 'ikIn8DpLjl', 'HnwnnHIuwI', 'fr6n7D6M3O', 'f0KnXdMkNy', 'iCjnS89NEF'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, WKNiKyjCQRj50YGvwN.csHigh entropy of concatenated method names: 'oCJIdLJ3TT', 'E5uIeQLVlZ', 'VgeMD0O4GL', 'P2nMFOTaAg', 'X6mIbs5GAs', 'dFPIgmAhJI', 'bWlIugjSrr', 'gD3IV6TGB3', 'VriIyPWZZf', 'SAaIs0vnVk'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, y71QDYVZGNsag8ISdS.csHigh entropy of concatenated method names: 'praAko3EoC', 'niTAgqQdDT', 'hfWAVIGMbE', 'bOOAyW8Ljb', 'BQTATp61DJ', 'bH6A0IU0dW', 'ktGABLhlTA', 'VJYAGvlnEP', 'TLlAKyuob8', 'picAJk5uTc'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, ENcYTFWYpZ7S9btVqL.csHigh entropy of concatenated method names: 'o35v3AFZUU', 'elcvoJD2qU', 'maFv51Jh57', 'vgcvW1gbTX', 'j9YvAR1rHA', 'DUBvhXAjEO', 'YATvI878Wf', 'LaTvMWwT6R', 'gMfvls84Ff', 'NxIvpaPRNd'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, EwiekBUlsgqwwAigcd.csHigh entropy of concatenated method names: 'RI9lAQIMFB', 'UtSlI1o2mQ', 'dqTllNFSrm', 'JP4l8wA2vS', 'CLXl7Zxe3S', 'naKlSkGo6C', 'Dispose', 'V7tM6Xxbku', 'cQoMEacVPj', 'UK7MvtMxNZ'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, Qm7hkuCZ7uPJ5a6ql5.csHigh entropy of concatenated method names: 'aeXFxrMdch', 'MB7FNTc50I', 'bYpF4Z7S9b', 'YVqFwL5XNL', 'If6FAsCOZ6', 'qfcFhC7KDy', 'V9yZkvjYEh6sFuCK1R', 'R9NeKJqmLo4NPCWaal', 'H6WRFMw0KIAgyxA5tP', 'wuaFFNculu'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, roox3LFDaLvP5n78K80.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'hhdpbLW7Ks', 'uxbpgBA8KJ', 'x1Gpu3w8eK', 'bMdpVExIcr', 'nBRpyEtFxZ', 'mb8pseA6X5', 'QGYp1wt6vg'
                Source: 1.2.ulQGCeP6wq.exe.6f80000.5.raw.unpack, Jd32sZHHSgVeVOWkia.csHigh entropy of concatenated method names: 'B3txrNAoiH', 'axGxiSY856', 'gJcxPxR5Q8', 'mV1x3TVRee', 'zb0xQVymxl', 'AvLxoYl6fQ', 'DvRxLVa3FM', 'jYDx59LAIn', 'sMVxWRuPKA', 'xnGxZkaU4E'
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: ulQGCeP6wq.exe PID: 7236, type: MEMORYSTR
                Switches to a custom stack to bypass stack traces
                Source: C:\Windows\SysWOW64\wiaacmgr.exeAPI/Special instruction interceptor: Address: 7FF9B762D324
                Source: C:\Windows\SysWOW64\wiaacmgr.exeAPI/Special instruction interceptor: Address: 7FF9B762D7E4
                Source: C:\Windows\SysWOW64\wiaacmgr.exeAPI/Special instruction interceptor: Address: 7FF9B762D944
                Source: C:\Windows\SysWOW64\wiaacmgr.exeAPI/Special instruction interceptor: Address: 7FF9B762D504
                Source: C:\Windows\SysWOW64\wiaacmgr.exeAPI/Special instruction interceptor: Address: 7FF9B762D544
                Source: C:\Windows\SysWOW64\wiaacmgr.exeAPI/Special instruction interceptor: Address: 7FF9B762D1E4
                Source: C:\Windows\SysWOW64\wiaacmgr.exeAPI/Special instruction interceptor: Address: 7FF9B7630154
                Source: C:\Windows\SysWOW64\wiaacmgr.exeAPI/Special instruction interceptor: Address: 7FF9B762DA44
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeMemory allocated: 26F0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeMemory allocated: 28D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeMemory allocated: 2710000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeMemory allocated: 8CD0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeMemory allocated: 7570000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeMemory allocated: 9CD0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeMemory allocated: ACD0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0114096E rdtsc 3_2_0114096E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeWindow / User API: threadDelayed 9809Jump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\wiaacmgr.exeAPI coverage: 2.7 %
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exe TID: 7240Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exe TID: 7308Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exe TID: 1436Thread sleep count: 163 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exe TID: 1436Thread sleep time: -326000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exe TID: 1436Thread sleep count: 9809 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exe TID: 1436Thread sleep time: -19618000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exe TID: 2616Thread sleep time: -80000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exe TID: 2616Thread sleep count: 40 > 30Jump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exe TID: 2616Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exe TID: 2616Thread sleep count: 40 > 30Jump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exe TID: 2616Thread sleep time: -40000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\wiaacmgr.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\wiaacmgr.exeCode function: 13_2_02A6CDD0 FindFirstFileW,FindNextFileW,FindClose,13_2_02A6CDD0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeThread delayed: delay time: 30000Jump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: 5gR5588.13.drBinary or memory string: ms.portal.azure.comVMware20,11696494690
                Source: 5gR5588.13.drBinary or memory string: discord.comVMware20,11696494690f
                Source: 5gR5588.13.drBinary or memory string: AMC password management pageVMware20,11696494690
                Source: 5gR5588.13.drBinary or memory string: outlook.office.comVMware20,11696494690s
                Source: 5gR5588.13.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
                Source: 5gR5588.13.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
                Source: 5gR5588.13.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
                Source: 5gR5588.13.drBinary or memory string: interactivebrokers.comVMware20,11696494690
                Source: 5gR5588.13.drBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
                Source: 5gR5588.13.drBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
                Source: 5gR5588.13.drBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
                Source: 5gR5588.13.drBinary or memory string: outlook.office365.comVMware20,11696494690t
                Source: 5gR5588.13.drBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
                Source: L2mAf1MzZG7.exe, 0000000E.00000002.3451817117.0000000000809000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllh
                Source: 5gR5588.13.drBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
                Source: 5gR5588.13.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
                Source: 5gR5588.13.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
                Source: 5gR5588.13.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
                Source: firefox.exe, 0000000F.00000002.1682707855.000002013286C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 5gR5588.13.drBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
                Source: 5gR5588.13.drBinary or memory string: tasks.office.comVMware20,11696494690o
                Source: 5gR5588.13.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
                Source: 5gR5588.13.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
                Source: 5gR5588.13.drBinary or memory string: dev.azure.comVMware20,11696494690j
                Source: 5gR5588.13.drBinary or memory string: global block list test formVMware20,11696494690
                Source: 5gR5588.13.drBinary or memory string: turbotax.intuit.comVMware20,11696494690t
                Source: wiaacmgr.exe, 0000000D.00000002.3451033841.0000000002DFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll.'@l
                Source: 5gR5588.13.drBinary or memory string: bankofamerica.comVMware20,11696494690x
                Source: 5gR5588.13.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
                Source: 5gR5588.13.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
                Source: 5gR5588.13.drBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
                Source: 5gR5588.13.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
                Source: 5gR5588.13.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
                Source: 5gR5588.13.drBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0114096E rdtsc 3_2_0114096E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_00418133 LdrLoadDll,3_2_00418133
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AA118 mov ecx, dword ptr fs:[00000030h]3_2_011AA118
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AA118 mov eax, dword ptr fs:[00000030h]3_2_011AA118
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AA118 mov eax, dword ptr fs:[00000030h]3_2_011AA118
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AA118 mov eax, dword ptr fs:[00000030h]3_2_011AA118
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C0115 mov eax, dword ptr fs:[00000030h]3_2_011C0115
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AE10E mov eax, dword ptr fs:[00000030h]3_2_011AE10E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AE10E mov ecx, dword ptr fs:[00000030h]3_2_011AE10E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AE10E mov eax, dword ptr fs:[00000030h]3_2_011AE10E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AE10E mov eax, dword ptr fs:[00000030h]3_2_011AE10E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AE10E mov ecx, dword ptr fs:[00000030h]3_2_011AE10E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AE10E mov eax, dword ptr fs:[00000030h]3_2_011AE10E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AE10E mov eax, dword ptr fs:[00000030h]3_2_011AE10E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AE10E mov ecx, dword ptr fs:[00000030h]3_2_011AE10E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AE10E mov eax, dword ptr fs:[00000030h]3_2_011AE10E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AE10E mov ecx, dword ptr fs:[00000030h]3_2_011AE10E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01130124 mov eax, dword ptr fs:[00000030h]3_2_01130124
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01198158 mov eax, dword ptr fs:[00000030h]3_2_01198158
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01106154 mov eax, dword ptr fs:[00000030h]3_2_01106154
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01106154 mov eax, dword ptr fs:[00000030h]3_2_01106154
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FC156 mov eax, dword ptr fs:[00000030h]3_2_010FC156
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01194144 mov eax, dword ptr fs:[00000030h]3_2_01194144
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01194144 mov eax, dword ptr fs:[00000030h]3_2_01194144
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01194144 mov ecx, dword ptr fs:[00000030h]3_2_01194144
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01194144 mov eax, dword ptr fs:[00000030h]3_2_01194144
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01194144 mov eax, dword ptr fs:[00000030h]3_2_01194144
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118019F mov eax, dword ptr fs:[00000030h]3_2_0118019F
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118019F mov eax, dword ptr fs:[00000030h]3_2_0118019F
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118019F mov eax, dword ptr fs:[00000030h]3_2_0118019F
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118019F mov eax, dword ptr fs:[00000030h]3_2_0118019F
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01140185 mov eax, dword ptr fs:[00000030h]3_2_01140185
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011BC188 mov eax, dword ptr fs:[00000030h]3_2_011BC188
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011BC188 mov eax, dword ptr fs:[00000030h]3_2_011BC188
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FA197 mov eax, dword ptr fs:[00000030h]3_2_010FA197
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FA197 mov eax, dword ptr fs:[00000030h]3_2_010FA197
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FA197 mov eax, dword ptr fs:[00000030h]3_2_010FA197
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A4180 mov eax, dword ptr fs:[00000030h]3_2_011A4180
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A4180 mov eax, dword ptr fs:[00000030h]3_2_011A4180
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117E1D0 mov eax, dword ptr fs:[00000030h]3_2_0117E1D0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117E1D0 mov eax, dword ptr fs:[00000030h]3_2_0117E1D0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117E1D0 mov ecx, dword ptr fs:[00000030h]3_2_0117E1D0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117E1D0 mov eax, dword ptr fs:[00000030h]3_2_0117E1D0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117E1D0 mov eax, dword ptr fs:[00000030h]3_2_0117E1D0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C61C3 mov eax, dword ptr fs:[00000030h]3_2_011C61C3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C61C3 mov eax, dword ptr fs:[00000030h]3_2_011C61C3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011301F8 mov eax, dword ptr fs:[00000030h]3_2_011301F8
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011D61E5 mov eax, dword ptr fs:[00000030h]3_2_011D61E5
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111E016 mov eax, dword ptr fs:[00000030h]3_2_0111E016
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111E016 mov eax, dword ptr fs:[00000030h]3_2_0111E016
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111E016 mov eax, dword ptr fs:[00000030h]3_2_0111E016
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111E016 mov eax, dword ptr fs:[00000030h]3_2_0111E016
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01184000 mov ecx, dword ptr fs:[00000030h]3_2_01184000
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A2000 mov eax, dword ptr fs:[00000030h]3_2_011A2000
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A2000 mov eax, dword ptr fs:[00000030h]3_2_011A2000
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A2000 mov eax, dword ptr fs:[00000030h]3_2_011A2000
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A2000 mov eax, dword ptr fs:[00000030h]3_2_011A2000
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A2000 mov eax, dword ptr fs:[00000030h]3_2_011A2000
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A2000 mov eax, dword ptr fs:[00000030h]3_2_011A2000
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A2000 mov eax, dword ptr fs:[00000030h]3_2_011A2000
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A2000 mov eax, dword ptr fs:[00000030h]3_2_011A2000
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01196030 mov eax, dword ptr fs:[00000030h]3_2_01196030
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FA020 mov eax, dword ptr fs:[00000030h]3_2_010FA020
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FC020 mov eax, dword ptr fs:[00000030h]3_2_010FC020
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01102050 mov eax, dword ptr fs:[00000030h]3_2_01102050
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01186050 mov eax, dword ptr fs:[00000030h]3_2_01186050
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112C073 mov eax, dword ptr fs:[00000030h]3_2_0112C073
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110208A mov eax, dword ptr fs:[00000030h]3_2_0110208A
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C60B8 mov eax, dword ptr fs:[00000030h]3_2_011C60B8
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C60B8 mov ecx, dword ptr fs:[00000030h]3_2_011C60B8
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011980A8 mov eax, dword ptr fs:[00000030h]3_2_011980A8
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011820DE mov eax, dword ptr fs:[00000030h]3_2_011820DE
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011420F0 mov ecx, dword ptr fs:[00000030h]3_2_011420F0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FA0E3 mov ecx, dword ptr fs:[00000030h]3_2_010FA0E3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011860E0 mov eax, dword ptr fs:[00000030h]3_2_011860E0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011080E9 mov eax, dword ptr fs:[00000030h]3_2_011080E9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FC0F0 mov eax, dword ptr fs:[00000030h]3_2_010FC0F0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01120310 mov ecx, dword ptr fs:[00000030h]3_2_01120310
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113A30B mov eax, dword ptr fs:[00000030h]3_2_0113A30B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113A30B mov eax, dword ptr fs:[00000030h]3_2_0113A30B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113A30B mov eax, dword ptr fs:[00000030h]3_2_0113A30B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FC310 mov ecx, dword ptr fs:[00000030h]3_2_010FC310
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118035C mov eax, dword ptr fs:[00000030h]3_2_0118035C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118035C mov eax, dword ptr fs:[00000030h]3_2_0118035C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118035C mov eax, dword ptr fs:[00000030h]3_2_0118035C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118035C mov ecx, dword ptr fs:[00000030h]3_2_0118035C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118035C mov eax, dword ptr fs:[00000030h]3_2_0118035C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118035C mov eax, dword ptr fs:[00000030h]3_2_0118035C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A8350 mov ecx, dword ptr fs:[00000030h]3_2_011A8350
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CA352 mov eax, dword ptr fs:[00000030h]3_2_011CA352
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01182349 mov eax, dword ptr fs:[00000030h]3_2_01182349
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01182349 mov eax, dword ptr fs:[00000030h]3_2_01182349
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01182349 mov eax, dword ptr fs:[00000030h]3_2_01182349
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01182349 mov eax, dword ptr fs:[00000030h]3_2_01182349
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01182349 mov eax, dword ptr fs:[00000030h]3_2_01182349
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01182349 mov eax, dword ptr fs:[00000030h]3_2_01182349
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01182349 mov eax, dword ptr fs:[00000030h]3_2_01182349
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01182349 mov eax, dword ptr fs:[00000030h]3_2_01182349
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01182349 mov eax, dword ptr fs:[00000030h]3_2_01182349
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01182349 mov eax, dword ptr fs:[00000030h]3_2_01182349
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01182349 mov eax, dword ptr fs:[00000030h]3_2_01182349
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01182349 mov eax, dword ptr fs:[00000030h]3_2_01182349
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01182349 mov eax, dword ptr fs:[00000030h]3_2_01182349
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01182349 mov eax, dword ptr fs:[00000030h]3_2_01182349
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01182349 mov eax, dword ptr fs:[00000030h]3_2_01182349
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A437C mov eax, dword ptr fs:[00000030h]3_2_011A437C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FE388 mov eax, dword ptr fs:[00000030h]3_2_010FE388
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FE388 mov eax, dword ptr fs:[00000030h]3_2_010FE388
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FE388 mov eax, dword ptr fs:[00000030h]3_2_010FE388
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010F8397 mov eax, dword ptr fs:[00000030h]3_2_010F8397
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010F8397 mov eax, dword ptr fs:[00000030h]3_2_010F8397
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010F8397 mov eax, dword ptr fs:[00000030h]3_2_010F8397
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112438F mov eax, dword ptr fs:[00000030h]3_2_0112438F
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112438F mov eax, dword ptr fs:[00000030h]3_2_0112438F
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AE3DB mov eax, dword ptr fs:[00000030h]3_2_011AE3DB
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AE3DB mov eax, dword ptr fs:[00000030h]3_2_011AE3DB
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AE3DB mov ecx, dword ptr fs:[00000030h]3_2_011AE3DB
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AE3DB mov eax, dword ptr fs:[00000030h]3_2_011AE3DB
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A43D4 mov eax, dword ptr fs:[00000030h]3_2_011A43D4
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A43D4 mov eax, dword ptr fs:[00000030h]3_2_011A43D4
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A3C0 mov eax, dword ptr fs:[00000030h]3_2_0110A3C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A3C0 mov eax, dword ptr fs:[00000030h]3_2_0110A3C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A3C0 mov eax, dword ptr fs:[00000030h]3_2_0110A3C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A3C0 mov eax, dword ptr fs:[00000030h]3_2_0110A3C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A3C0 mov eax, dword ptr fs:[00000030h]3_2_0110A3C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A3C0 mov eax, dword ptr fs:[00000030h]3_2_0110A3C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011083C0 mov eax, dword ptr fs:[00000030h]3_2_011083C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011083C0 mov eax, dword ptr fs:[00000030h]3_2_011083C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011083C0 mov eax, dword ptr fs:[00000030h]3_2_011083C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011083C0 mov eax, dword ptr fs:[00000030h]3_2_011083C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011BC3CD mov eax, dword ptr fs:[00000030h]3_2_011BC3CD
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011863C0 mov eax, dword ptr fs:[00000030h]3_2_011863C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111E3F0 mov eax, dword ptr fs:[00000030h]3_2_0111E3F0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111E3F0 mov eax, dword ptr fs:[00000030h]3_2_0111E3F0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111E3F0 mov eax, dword ptr fs:[00000030h]3_2_0111E3F0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011363FF mov eax, dword ptr fs:[00000030h]3_2_011363FF
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h]3_2_011103E9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h]3_2_011103E9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h]3_2_011103E9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h]3_2_011103E9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h]3_2_011103E9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h]3_2_011103E9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h]3_2_011103E9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011103E9 mov eax, dword ptr fs:[00000030h]3_2_011103E9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010F823B mov eax, dword ptr fs:[00000030h]3_2_010F823B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01106259 mov eax, dword ptr fs:[00000030h]3_2_01106259
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011BA250 mov eax, dword ptr fs:[00000030h]3_2_011BA250
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011BA250 mov eax, dword ptr fs:[00000030h]3_2_011BA250
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01188243 mov eax, dword ptr fs:[00000030h]3_2_01188243
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01188243 mov ecx, dword ptr fs:[00000030h]3_2_01188243
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FA250 mov eax, dword ptr fs:[00000030h]3_2_010FA250
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010F826B mov eax, dword ptr fs:[00000030h]3_2_010F826B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h]3_2_011B0274
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h]3_2_011B0274
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h]3_2_011B0274
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h]3_2_011B0274
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h]3_2_011B0274
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h]3_2_011B0274
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h]3_2_011B0274
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h]3_2_011B0274
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h]3_2_011B0274
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h]3_2_011B0274
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h]3_2_011B0274
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B0274 mov eax, dword ptr fs:[00000030h]3_2_011B0274
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01104260 mov eax, dword ptr fs:[00000030h]3_2_01104260
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01104260 mov eax, dword ptr fs:[00000030h]3_2_01104260
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01104260 mov eax, dword ptr fs:[00000030h]3_2_01104260
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113E284 mov eax, dword ptr fs:[00000030h]3_2_0113E284
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113E284 mov eax, dword ptr fs:[00000030h]3_2_0113E284
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01180283 mov eax, dword ptr fs:[00000030h]3_2_01180283
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01180283 mov eax, dword ptr fs:[00000030h]3_2_01180283
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01180283 mov eax, dword ptr fs:[00000030h]3_2_01180283
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011102A0 mov eax, dword ptr fs:[00000030h]3_2_011102A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011102A0 mov eax, dword ptr fs:[00000030h]3_2_011102A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011962A0 mov eax, dword ptr fs:[00000030h]3_2_011962A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011962A0 mov ecx, dword ptr fs:[00000030h]3_2_011962A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011962A0 mov eax, dword ptr fs:[00000030h]3_2_011962A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011962A0 mov eax, dword ptr fs:[00000030h]3_2_011962A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011962A0 mov eax, dword ptr fs:[00000030h]3_2_011962A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011962A0 mov eax, dword ptr fs:[00000030h]3_2_011962A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A2C3 mov eax, dword ptr fs:[00000030h]3_2_0110A2C3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A2C3 mov eax, dword ptr fs:[00000030h]3_2_0110A2C3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A2C3 mov eax, dword ptr fs:[00000030h]3_2_0110A2C3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A2C3 mov eax, dword ptr fs:[00000030h]3_2_0110A2C3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A2C3 mov eax, dword ptr fs:[00000030h]3_2_0110A2C3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011102E1 mov eax, dword ptr fs:[00000030h]3_2_011102E1
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011102E1 mov eax, dword ptr fs:[00000030h]3_2_011102E1
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011102E1 mov eax, dword ptr fs:[00000030h]3_2_011102E1
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01196500 mov eax, dword ptr fs:[00000030h]3_2_01196500
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011D4500 mov eax, dword ptr fs:[00000030h]3_2_011D4500
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011D4500 mov eax, dword ptr fs:[00000030h]3_2_011D4500
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011D4500 mov eax, dword ptr fs:[00000030h]3_2_011D4500
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011D4500 mov eax, dword ptr fs:[00000030h]3_2_011D4500
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011D4500 mov eax, dword ptr fs:[00000030h]3_2_011D4500
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011D4500 mov eax, dword ptr fs:[00000030h]3_2_011D4500
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011D4500 mov eax, dword ptr fs:[00000030h]3_2_011D4500
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110535 mov eax, dword ptr fs:[00000030h]3_2_01110535
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110535 mov eax, dword ptr fs:[00000030h]3_2_01110535
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110535 mov eax, dword ptr fs:[00000030h]3_2_01110535
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110535 mov eax, dword ptr fs:[00000030h]3_2_01110535
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110535 mov eax, dword ptr fs:[00000030h]3_2_01110535
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110535 mov eax, dword ptr fs:[00000030h]3_2_01110535
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112E53E mov eax, dword ptr fs:[00000030h]3_2_0112E53E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112E53E mov eax, dword ptr fs:[00000030h]3_2_0112E53E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112E53E mov eax, dword ptr fs:[00000030h]3_2_0112E53E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112E53E mov eax, dword ptr fs:[00000030h]3_2_0112E53E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112E53E mov eax, dword ptr fs:[00000030h]3_2_0112E53E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01108550 mov eax, dword ptr fs:[00000030h]3_2_01108550
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01108550 mov eax, dword ptr fs:[00000030h]3_2_01108550
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113656A mov eax, dword ptr fs:[00000030h]3_2_0113656A
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113656A mov eax, dword ptr fs:[00000030h]3_2_0113656A
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113656A mov eax, dword ptr fs:[00000030h]3_2_0113656A
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113E59C mov eax, dword ptr fs:[00000030h]3_2_0113E59C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01102582 mov eax, dword ptr fs:[00000030h]3_2_01102582
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01102582 mov ecx, dword ptr fs:[00000030h]3_2_01102582
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01134588 mov eax, dword ptr fs:[00000030h]3_2_01134588
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011245B1 mov eax, dword ptr fs:[00000030h]3_2_011245B1
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011245B1 mov eax, dword ptr fs:[00000030h]3_2_011245B1
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011805A7 mov eax, dword ptr fs:[00000030h]3_2_011805A7
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011805A7 mov eax, dword ptr fs:[00000030h]3_2_011805A7
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011805A7 mov eax, dword ptr fs:[00000030h]3_2_011805A7
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011065D0 mov eax, dword ptr fs:[00000030h]3_2_011065D0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113A5D0 mov eax, dword ptr fs:[00000030h]3_2_0113A5D0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113A5D0 mov eax, dword ptr fs:[00000030h]3_2_0113A5D0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113E5CF mov eax, dword ptr fs:[00000030h]3_2_0113E5CF
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113E5CF mov eax, dword ptr fs:[00000030h]3_2_0113E5CF
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011025E0 mov eax, dword ptr fs:[00000030h]3_2_011025E0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h]3_2_0112E5E7
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h]3_2_0112E5E7
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h]3_2_0112E5E7
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h]3_2_0112E5E7
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h]3_2_0112E5E7
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h]3_2_0112E5E7
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h]3_2_0112E5E7
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112E5E7 mov eax, dword ptr fs:[00000030h]3_2_0112E5E7
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113C5ED mov eax, dword ptr fs:[00000030h]3_2_0113C5ED
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113C5ED mov eax, dword ptr fs:[00000030h]3_2_0113C5ED
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01138402 mov eax, dword ptr fs:[00000030h]3_2_01138402
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01138402 mov eax, dword ptr fs:[00000030h]3_2_01138402
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01138402 mov eax, dword ptr fs:[00000030h]3_2_01138402
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113A430 mov eax, dword ptr fs:[00000030h]3_2_0113A430
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FC427 mov eax, dword ptr fs:[00000030h]3_2_010FC427
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FE420 mov eax, dword ptr fs:[00000030h]3_2_010FE420
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FE420 mov eax, dword ptr fs:[00000030h]3_2_010FE420
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FE420 mov eax, dword ptr fs:[00000030h]3_2_010FE420
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01186420 mov eax, dword ptr fs:[00000030h]3_2_01186420
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01186420 mov eax, dword ptr fs:[00000030h]3_2_01186420
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01186420 mov eax, dword ptr fs:[00000030h]3_2_01186420
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01186420 mov eax, dword ptr fs:[00000030h]3_2_01186420
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01186420 mov eax, dword ptr fs:[00000030h]3_2_01186420
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01186420 mov eax, dword ptr fs:[00000030h]3_2_01186420
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01186420 mov eax, dword ptr fs:[00000030h]3_2_01186420
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112245A mov eax, dword ptr fs:[00000030h]3_2_0112245A
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011BA456 mov eax, dword ptr fs:[00000030h]3_2_011BA456
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h]3_2_0113E443
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h]3_2_0113E443
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h]3_2_0113E443
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h]3_2_0113E443
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h]3_2_0113E443
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h]3_2_0113E443
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h]3_2_0113E443
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113E443 mov eax, dword ptr fs:[00000030h]3_2_0113E443
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010F645D mov eax, dword ptr fs:[00000030h]3_2_010F645D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112A470 mov eax, dword ptr fs:[00000030h]3_2_0112A470
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112A470 mov eax, dword ptr fs:[00000030h]3_2_0112A470
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112A470 mov eax, dword ptr fs:[00000030h]3_2_0112A470
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118C460 mov ecx, dword ptr fs:[00000030h]3_2_0118C460
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011BA49A mov eax, dword ptr fs:[00000030h]3_2_011BA49A
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011344B0 mov ecx, dword ptr fs:[00000030h]3_2_011344B0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118A4B0 mov eax, dword ptr fs:[00000030h]3_2_0118A4B0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011064AB mov eax, dword ptr fs:[00000030h]3_2_011064AB
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011004E5 mov ecx, dword ptr fs:[00000030h]3_2_011004E5
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01100710 mov eax, dword ptr fs:[00000030h]3_2_01100710
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01130710 mov eax, dword ptr fs:[00000030h]3_2_01130710
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113C700 mov eax, dword ptr fs:[00000030h]3_2_0113C700
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117C730 mov eax, dword ptr fs:[00000030h]3_2_0117C730
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113273C mov eax, dword ptr fs:[00000030h]3_2_0113273C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113273C mov ecx, dword ptr fs:[00000030h]3_2_0113273C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113273C mov eax, dword ptr fs:[00000030h]3_2_0113273C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113C720 mov eax, dword ptr fs:[00000030h]3_2_0113C720
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113C720 mov eax, dword ptr fs:[00000030h]3_2_0113C720
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01100750 mov eax, dword ptr fs:[00000030h]3_2_01100750
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142750 mov eax, dword ptr fs:[00000030h]3_2_01142750
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142750 mov eax, dword ptr fs:[00000030h]3_2_01142750
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118E75D mov eax, dword ptr fs:[00000030h]3_2_0118E75D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01184755 mov eax, dword ptr fs:[00000030h]3_2_01184755
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113674D mov esi, dword ptr fs:[00000030h]3_2_0113674D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113674D mov eax, dword ptr fs:[00000030h]3_2_0113674D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113674D mov eax, dword ptr fs:[00000030h]3_2_0113674D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01108770 mov eax, dword ptr fs:[00000030h]3_2_01108770
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110770 mov eax, dword ptr fs:[00000030h]3_2_01110770
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110770 mov eax, dword ptr fs:[00000030h]3_2_01110770
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110770 mov eax, dword ptr fs:[00000030h]3_2_01110770
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110770 mov eax, dword ptr fs:[00000030h]3_2_01110770
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110770 mov eax, dword ptr fs:[00000030h]3_2_01110770
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110770 mov eax, dword ptr fs:[00000030h]3_2_01110770
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110770 mov eax, dword ptr fs:[00000030h]3_2_01110770
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110770 mov eax, dword ptr fs:[00000030h]3_2_01110770
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110770 mov eax, dword ptr fs:[00000030h]3_2_01110770
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110770 mov eax, dword ptr fs:[00000030h]3_2_01110770
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110770 mov eax, dword ptr fs:[00000030h]3_2_01110770
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110770 mov eax, dword ptr fs:[00000030h]3_2_01110770
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A678E mov eax, dword ptr fs:[00000030h]3_2_011A678E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B47A0 mov eax, dword ptr fs:[00000030h]3_2_011B47A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011007AF mov eax, dword ptr fs:[00000030h]3_2_011007AF
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110C7C0 mov eax, dword ptr fs:[00000030h]3_2_0110C7C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011807C3 mov eax, dword ptr fs:[00000030h]3_2_011807C3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011047FB mov eax, dword ptr fs:[00000030h]3_2_011047FB
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011047FB mov eax, dword ptr fs:[00000030h]3_2_011047FB
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118E7E1 mov eax, dword ptr fs:[00000030h]3_2_0118E7E1
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011227ED mov eax, dword ptr fs:[00000030h]3_2_011227ED
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011227ED mov eax, dword ptr fs:[00000030h]3_2_011227ED
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011227ED mov eax, dword ptr fs:[00000030h]3_2_011227ED
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01142619 mov eax, dword ptr fs:[00000030h]3_2_01142619
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111260B mov eax, dword ptr fs:[00000030h]3_2_0111260B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111260B mov eax, dword ptr fs:[00000030h]3_2_0111260B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111260B mov eax, dword ptr fs:[00000030h]3_2_0111260B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111260B mov eax, dword ptr fs:[00000030h]3_2_0111260B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111260B mov eax, dword ptr fs:[00000030h]3_2_0111260B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111260B mov eax, dword ptr fs:[00000030h]3_2_0111260B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111260B mov eax, dword ptr fs:[00000030h]3_2_0111260B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117E609 mov eax, dword ptr fs:[00000030h]3_2_0117E609
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01136620 mov eax, dword ptr fs:[00000030h]3_2_01136620
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01138620 mov eax, dword ptr fs:[00000030h]3_2_01138620
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111E627 mov eax, dword ptr fs:[00000030h]3_2_0111E627
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110262C mov eax, dword ptr fs:[00000030h]3_2_0110262C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111C640 mov eax, dword ptr fs:[00000030h]3_2_0111C640
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01132674 mov eax, dword ptr fs:[00000030h]3_2_01132674
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C866E mov eax, dword ptr fs:[00000030h]3_2_011C866E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C866E mov eax, dword ptr fs:[00000030h]3_2_011C866E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113A660 mov eax, dword ptr fs:[00000030h]3_2_0113A660
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113A660 mov eax, dword ptr fs:[00000030h]3_2_0113A660
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01104690 mov eax, dword ptr fs:[00000030h]3_2_01104690
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01104690 mov eax, dword ptr fs:[00000030h]3_2_01104690
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011366B0 mov eax, dword ptr fs:[00000030h]3_2_011366B0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113C6A6 mov eax, dword ptr fs:[00000030h]3_2_0113C6A6
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113A6C7 mov ebx, dword ptr fs:[00000030h]3_2_0113A6C7
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113A6C7 mov eax, dword ptr fs:[00000030h]3_2_0113A6C7
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117E6F2 mov eax, dword ptr fs:[00000030h]3_2_0117E6F2
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117E6F2 mov eax, dword ptr fs:[00000030h]3_2_0117E6F2
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117E6F2 mov eax, dword ptr fs:[00000030h]3_2_0117E6F2
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117E6F2 mov eax, dword ptr fs:[00000030h]3_2_0117E6F2
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011806F1 mov eax, dword ptr fs:[00000030h]3_2_011806F1
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011806F1 mov eax, dword ptr fs:[00000030h]3_2_011806F1
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118C912 mov eax, dword ptr fs:[00000030h]3_2_0118C912
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010F8918 mov eax, dword ptr fs:[00000030h]3_2_010F8918
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010F8918 mov eax, dword ptr fs:[00000030h]3_2_010F8918
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117E908 mov eax, dword ptr fs:[00000030h]3_2_0117E908
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117E908 mov eax, dword ptr fs:[00000030h]3_2_0117E908
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118892A mov eax, dword ptr fs:[00000030h]3_2_0118892A
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0119892B mov eax, dword ptr fs:[00000030h]3_2_0119892B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01180946 mov eax, dword ptr fs:[00000030h]3_2_01180946
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A4978 mov eax, dword ptr fs:[00000030h]3_2_011A4978
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A4978 mov eax, dword ptr fs:[00000030h]3_2_011A4978
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118C97C mov eax, dword ptr fs:[00000030h]3_2_0118C97C
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01126962 mov eax, dword ptr fs:[00000030h]3_2_01126962
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01126962 mov eax, dword ptr fs:[00000030h]3_2_01126962
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01126962 mov eax, dword ptr fs:[00000030h]3_2_01126962
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0114096E mov eax, dword ptr fs:[00000030h]3_2_0114096E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0114096E mov edx, dword ptr fs:[00000030h]3_2_0114096E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0114096E mov eax, dword ptr fs:[00000030h]3_2_0114096E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011889B3 mov esi, dword ptr fs:[00000030h]3_2_011889B3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011889B3 mov eax, dword ptr fs:[00000030h]3_2_011889B3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011889B3 mov eax, dword ptr fs:[00000030h]3_2_011889B3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011129A0 mov eax, dword ptr fs:[00000030h]3_2_011129A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011129A0 mov eax, dword ptr fs:[00000030h]3_2_011129A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011129A0 mov eax, dword ptr fs:[00000030h]3_2_011129A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011129A0 mov eax, dword ptr fs:[00000030h]3_2_011129A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011129A0 mov eax, dword ptr fs:[00000030h]3_2_011129A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011129A0 mov eax, dword ptr fs:[00000030h]3_2_011129A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011129A0 mov eax, dword ptr fs:[00000030h]3_2_011129A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011129A0 mov eax, dword ptr fs:[00000030h]3_2_011129A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011129A0 mov eax, dword ptr fs:[00000030h]3_2_011129A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011129A0 mov eax, dword ptr fs:[00000030h]3_2_011129A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011129A0 mov eax, dword ptr fs:[00000030h]3_2_011129A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011129A0 mov eax, dword ptr fs:[00000030h]3_2_011129A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011129A0 mov eax, dword ptr fs:[00000030h]3_2_011129A0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011009AD mov eax, dword ptr fs:[00000030h]3_2_011009AD
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011009AD mov eax, dword ptr fs:[00000030h]3_2_011009AD
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A9D0 mov eax, dword ptr fs:[00000030h]3_2_0110A9D0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A9D0 mov eax, dword ptr fs:[00000030h]3_2_0110A9D0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A9D0 mov eax, dword ptr fs:[00000030h]3_2_0110A9D0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A9D0 mov eax, dword ptr fs:[00000030h]3_2_0110A9D0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A9D0 mov eax, dword ptr fs:[00000030h]3_2_0110A9D0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110A9D0 mov eax, dword ptr fs:[00000030h]3_2_0110A9D0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011349D0 mov eax, dword ptr fs:[00000030h]3_2_011349D0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CA9D3 mov eax, dword ptr fs:[00000030h]3_2_011CA9D3
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011969C0 mov eax, dword ptr fs:[00000030h]3_2_011969C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011329F9 mov eax, dword ptr fs:[00000030h]3_2_011329F9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011329F9 mov eax, dword ptr fs:[00000030h]3_2_011329F9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118E9E0 mov eax, dword ptr fs:[00000030h]3_2_0118E9E0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118C810 mov eax, dword ptr fs:[00000030h]3_2_0118C810
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A483A mov eax, dword ptr fs:[00000030h]3_2_011A483A
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A483A mov eax, dword ptr fs:[00000030h]3_2_011A483A
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113A830 mov eax, dword ptr fs:[00000030h]3_2_0113A830
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01122835 mov eax, dword ptr fs:[00000030h]3_2_01122835
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01122835 mov eax, dword ptr fs:[00000030h]3_2_01122835
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01122835 mov eax, dword ptr fs:[00000030h]3_2_01122835
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01122835 mov ecx, dword ptr fs:[00000030h]3_2_01122835
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01122835 mov eax, dword ptr fs:[00000030h]3_2_01122835
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01122835 mov eax, dword ptr fs:[00000030h]3_2_01122835
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01130854 mov eax, dword ptr fs:[00000030h]3_2_01130854
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01104859 mov eax, dword ptr fs:[00000030h]3_2_01104859
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01104859 mov eax, dword ptr fs:[00000030h]3_2_01104859
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01112840 mov ecx, dword ptr fs:[00000030h]3_2_01112840
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01196870 mov eax, dword ptr fs:[00000030h]3_2_01196870
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01196870 mov eax, dword ptr fs:[00000030h]3_2_01196870
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118E872 mov eax, dword ptr fs:[00000030h]3_2_0118E872
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118E872 mov eax, dword ptr fs:[00000030h]3_2_0118E872
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118C89D mov eax, dword ptr fs:[00000030h]3_2_0118C89D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01100887 mov eax, dword ptr fs:[00000030h]3_2_01100887
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112E8C0 mov eax, dword ptr fs:[00000030h]3_2_0112E8C0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113C8F9 mov eax, dword ptr fs:[00000030h]3_2_0113C8F9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113C8F9 mov eax, dword ptr fs:[00000030h]3_2_0113C8F9
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CA8E4 mov eax, dword ptr fs:[00000030h]3_2_011CA8E4
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117EB1D mov eax, dword ptr fs:[00000030h]3_2_0117EB1D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117EB1D mov eax, dword ptr fs:[00000030h]3_2_0117EB1D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117EB1D mov eax, dword ptr fs:[00000030h]3_2_0117EB1D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117EB1D mov eax, dword ptr fs:[00000030h]3_2_0117EB1D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117EB1D mov eax, dword ptr fs:[00000030h]3_2_0117EB1D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117EB1D mov eax, dword ptr fs:[00000030h]3_2_0117EB1D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117EB1D mov eax, dword ptr fs:[00000030h]3_2_0117EB1D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117EB1D mov eax, dword ptr fs:[00000030h]3_2_0117EB1D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117EB1D mov eax, dword ptr fs:[00000030h]3_2_0117EB1D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112EB20 mov eax, dword ptr fs:[00000030h]3_2_0112EB20
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112EB20 mov eax, dword ptr fs:[00000030h]3_2_0112EB20
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C8B28 mov eax, dword ptr fs:[00000030h]3_2_011C8B28
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011C8B28 mov eax, dword ptr fs:[00000030h]3_2_011C8B28
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AEB50 mov eax, dword ptr fs:[00000030h]3_2_011AEB50
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B4B4B mov eax, dword ptr fs:[00000030h]3_2_011B4B4B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B4B4B mov eax, dword ptr fs:[00000030h]3_2_011B4B4B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011A8B42 mov eax, dword ptr fs:[00000030h]3_2_011A8B42
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01196B40 mov eax, dword ptr fs:[00000030h]3_2_01196B40
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01196B40 mov eax, dword ptr fs:[00000030h]3_2_01196B40
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011CAB40 mov eax, dword ptr fs:[00000030h]3_2_011CAB40
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010FCB7E mov eax, dword ptr fs:[00000030h]3_2_010FCB7E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B4BB0 mov eax, dword ptr fs:[00000030h]3_2_011B4BB0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B4BB0 mov eax, dword ptr fs:[00000030h]3_2_011B4BB0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110BBE mov eax, dword ptr fs:[00000030h]3_2_01110BBE
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110BBE mov eax, dword ptr fs:[00000030h]3_2_01110BBE
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AEBD0 mov eax, dword ptr fs:[00000030h]3_2_011AEBD0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01120BCB mov eax, dword ptr fs:[00000030h]3_2_01120BCB
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01120BCB mov eax, dword ptr fs:[00000030h]3_2_01120BCB
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01120BCB mov eax, dword ptr fs:[00000030h]3_2_01120BCB
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01100BCD mov eax, dword ptr fs:[00000030h]3_2_01100BCD
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01100BCD mov eax, dword ptr fs:[00000030h]3_2_01100BCD
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01100BCD mov eax, dword ptr fs:[00000030h]3_2_01100BCD
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01108BF0 mov eax, dword ptr fs:[00000030h]3_2_01108BF0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01108BF0 mov eax, dword ptr fs:[00000030h]3_2_01108BF0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01108BF0 mov eax, dword ptr fs:[00000030h]3_2_01108BF0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118CBF0 mov eax, dword ptr fs:[00000030h]3_2_0118CBF0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112EBFC mov eax, dword ptr fs:[00000030h]3_2_0112EBFC
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0118CA11 mov eax, dword ptr fs:[00000030h]3_2_0118CA11
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01124A35 mov eax, dword ptr fs:[00000030h]3_2_01124A35
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01124A35 mov eax, dword ptr fs:[00000030h]3_2_01124A35
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113CA38 mov eax, dword ptr fs:[00000030h]3_2_0113CA38
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113CA24 mov eax, dword ptr fs:[00000030h]3_2_0113CA24
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0112EA2E mov eax, dword ptr fs:[00000030h]3_2_0112EA2E
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01106A50 mov eax, dword ptr fs:[00000030h]3_2_01106A50
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01106A50 mov eax, dword ptr fs:[00000030h]3_2_01106A50
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01106A50 mov eax, dword ptr fs:[00000030h]3_2_01106A50
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01106A50 mov eax, dword ptr fs:[00000030h]3_2_01106A50
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01106A50 mov eax, dword ptr fs:[00000030h]3_2_01106A50
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01106A50 mov eax, dword ptr fs:[00000030h]3_2_01106A50
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01106A50 mov eax, dword ptr fs:[00000030h]3_2_01106A50
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110A5B mov eax, dword ptr fs:[00000030h]3_2_01110A5B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01110A5B mov eax, dword ptr fs:[00000030h]3_2_01110A5B
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117CA72 mov eax, dword ptr fs:[00000030h]3_2_0117CA72
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0117CA72 mov eax, dword ptr fs:[00000030h]3_2_0117CA72
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011AEA60 mov eax, dword ptr fs:[00000030h]3_2_011AEA60
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113CA6F mov eax, dword ptr fs:[00000030h]3_2_0113CA6F
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113CA6F mov eax, dword ptr fs:[00000030h]3_2_0113CA6F
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113CA6F mov eax, dword ptr fs:[00000030h]3_2_0113CA6F
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01138A90 mov edx, dword ptr fs:[00000030h]3_2_01138A90
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110EA80 mov eax, dword ptr fs:[00000030h]3_2_0110EA80
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110EA80 mov eax, dword ptr fs:[00000030h]3_2_0110EA80
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110EA80 mov eax, dword ptr fs:[00000030h]3_2_0110EA80
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110EA80 mov eax, dword ptr fs:[00000030h]3_2_0110EA80
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110EA80 mov eax, dword ptr fs:[00000030h]3_2_0110EA80
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110EA80 mov eax, dword ptr fs:[00000030h]3_2_0110EA80
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110EA80 mov eax, dword ptr fs:[00000030h]3_2_0110EA80
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110EA80 mov eax, dword ptr fs:[00000030h]3_2_0110EA80
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0110EA80 mov eax, dword ptr fs:[00000030h]3_2_0110EA80
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011D4A80 mov eax, dword ptr fs:[00000030h]3_2_011D4A80
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01108AA0 mov eax, dword ptr fs:[00000030h]3_2_01108AA0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01108AA0 mov eax, dword ptr fs:[00000030h]3_2_01108AA0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01156AA4 mov eax, dword ptr fs:[00000030h]3_2_01156AA4
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01100AD0 mov eax, dword ptr fs:[00000030h]3_2_01100AD0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01134AD0 mov eax, dword ptr fs:[00000030h]3_2_01134AD0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01134AD0 mov eax, dword ptr fs:[00000030h]3_2_01134AD0
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01156ACC mov eax, dword ptr fs:[00000030h]3_2_01156ACC
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01156ACC mov eax, dword ptr fs:[00000030h]3_2_01156ACC
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01156ACC mov eax, dword ptr fs:[00000030h]3_2_01156ACC
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113AAEE mov eax, dword ptr fs:[00000030h]3_2_0113AAEE
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0113AAEE mov eax, dword ptr fs:[00000030h]3_2_0113AAEE
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B8D10 mov eax, dword ptr fs:[00000030h]3_2_011B8D10
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_011B8D10 mov eax, dword ptr fs:[00000030h]3_2_011B8D10
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_01134D1D mov eax, dword ptr fs:[00000030h]3_2_01134D1D
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111AD00 mov eax, dword ptr fs:[00000030h]3_2_0111AD00
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111AD00 mov eax, dword ptr fs:[00000030h]3_2_0111AD00
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_0111AD00 mov eax, dword ptr fs:[00000030h]3_2_0111AD00
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeCode function: 3_2_010F6D10 mov eax, dword ptr fs:[00000030h]3_2_010F6D10
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Found direct / indirect Syscall (likely to bypass EDR)
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtSetInformationThread: Direct from: 0x77D62B4CJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtReadVirtualMemory: Direct from: 0x77D62E8CJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtCreateKey: Direct from: 0x77D62C6CJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtQueryAttributesFile: Direct from: 0x77D62E6CJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtQuerySystemInformation: Direct from: 0x77D648CCJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtQueryVolumeInformationFile: Direct from: 0x77D62F2CJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtAllocateVirtualMemory: Direct from: 0x77D648ECJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtOpenSection: Direct from: 0x77D62E0CJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtDeviceIoControlFile: Direct from: 0x77D62AECJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtQuerySystemInformation: Direct from: 0x77D62DFCJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtReadFile: Direct from: 0x77D62ADCJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtDelayExecution: Direct from: 0x77D62DDCJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtQueryInformationProcess: Direct from: 0x77D62C26Jump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtResumeThread: Direct from: 0x77D62FBCJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtWriteVirtualMemory: Direct from: 0x77D6490CJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtCreateUserProcess: Direct from: 0x77D6371CJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtClose: Direct from: 0x77D62B6C
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtAllocateVirtualMemory: Direct from: 0x77D63C9CJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtSetInformationProcess: Direct from: 0x77D62C5CJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtProtectVirtualMemory: Direct from: 0x77D62F9CJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtNotifyChangeKey: Direct from: 0x77D63C2CJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtWriteVirtualMemory: Direct from: 0x77D62E3CJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtSetInformationThread: Direct from: 0x77D563F9Jump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtUnmapViewOfSection: Direct from: 0x77D62D3CJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtCreateMutant: Direct from: 0x77D635CCJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtResumeThread: Direct from: 0x77D636ACJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtMapViewOfSection: Direct from: 0x77D62D1CJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtProtectVirtualMemory: Direct from: 0x77D57B2EJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtAllocateVirtualMemory: Direct from: 0x77D62BFCJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtAllocateVirtualMemory: Direct from: 0x77D62BECJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtQueryInformationToken: Direct from: 0x77D62CACJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtCreateFile: Direct from: 0x77D62FECJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtOpenFile: Direct from: 0x77D62DCCJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtTerminateThread: Direct from: 0x77D62FCCJump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeNtOpenKeyEx: Direct from: 0x77D62B9CJump to behavior
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeMemory written: C:\Users\user\Desktop\ulQGCeP6wq.exe base: 400000 value starts with: 4D5AJump to behavior
                Maps a DLL or memory area into another process
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: NULL target: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeSection loaded: NULL target: C:\Windows\SysWOW64\wiaacmgr.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: NULL target: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: NULL target: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                Modifies the context of a thread in another process (thread injection)
                Source: C:\Windows\SysWOW64\wiaacmgr.exeThread register set: target process: 2904Jump to behavior
                Queues an APC in another process (thread injection)
                Source: C:\Windows\SysWOW64\wiaacmgr.exeThread APC queued: target process: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess created: C:\Users\user\Desktop\ulQGCeP6wq.exe "C:\Users\user\Desktop\ulQGCeP6wq.exe"Jump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeProcess created: C:\Users\user\Desktop\ulQGCeP6wq.exe "C:\Users\user\Desktop\ulQGCeP6wq.exe"Jump to behavior
                Source: C:\Program Files (x86)\xUCUmtELtCrpHMnqBbqXrfFXbKMIsIeaQuDWUHAtfEoOGPuDHTcAzmYfhzEvg\L2mAf1MzZG7.exeProcess created: C:\Windows\SysWOW64\wiaacmgr.exe "C:\Windows\SysWOW64\wiaacmgr.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: L2mAf1MzZG7.exe, 0000000C.00000000.1292628308.0000000001400000.00000002.00000001.00040000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000C.00000002.3451650654.0000000001401000.00000002.00000001.00040000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000000.1446331424.0000000000D71000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
                Source: L2mAf1MzZG7.exe, 0000000C.00000000.1292628308.0000000001400000.00000002.00000001.00040000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000C.00000002.3451650654.0000000001401000.00000002.00000001.00040000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000000.1446331424.0000000000D71000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: L2mAf1MzZG7.exe, 0000000C.00000000.1292628308.0000000001400000.00000002.00000001.00040000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000C.00000002.3451650654.0000000001401000.00000002.00000001.00040000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000000.1446331424.0000000000D71000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: L2mAf1MzZG7.exe, 0000000C.00000000.1292628308.0000000001400000.00000002.00000001.00040000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000C.00000002.3451650654.0000000001401000.00000002.00000001.00040000.00000000.sdmp, L2mAf1MzZG7.exe, 0000000E.00000000.1446331424.0000000000D71000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeQueries volume information: C:\Users\user\Desktop\ulQGCeP6wq.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\ulQGCeP6wq.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 3.2.ulQGCeP6wq.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.ulQGCeP6wq.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000003.00000002.1368864211.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000002.3454308235.0000000004B60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3452631025.00000000048F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3450449095.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1369494752.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3452552887.00000000048A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.3452182714.0000000003490000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1372021275.0000000001E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\SysWOW64\wiaacmgr.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\wiaacmgr.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Windows\SysWOW64\wiaacmgr.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

                Remote Access Functionality

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 3.2.ulQGCeP6wq.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.ulQGCeP6wq.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000003.00000002.1368864211.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000002.3454308235.0000000004B60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3452631025.00000000048F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3450449095.0000000002A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1369494752.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.3452552887.00000000048A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.3452182714.0000000003490000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1372021275.0000000001E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                DLL Side-Loading                		412
                Process Injection                		1
                Masquerading                		1
                OS Credential Dumping                		121
                Security Software Discovery                		Remote Services1
                Email Collection                		1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                Abuse Elevation Control Mechanism                		1
                Disable or Modify Tools                		LSASS Memory2
                Process Discovery                		Remote Desktop Protocol1
                Archive Collected Data                		3
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                DLL Side-Loading                		41
                Virtualization/Sandbox Evasion                		Security Account Manager41
                Virtualization/Sandbox Evasion                		SMB/Windows Admin Shares1
                Data from Local System                		4
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook412
                Process Injection                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput Capture4
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Deobfuscate/Decode Files or Information                		LSA Secrets2
                File and Directory Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Abuse Elevation Control Mechanism                		Cached Domain Credentials113
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
                Obfuscated Files or Information                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job12
                Software Packing                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                Timestomp                		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                DLL Side-Loading                		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1633597 Sample: ulQGCeP6wq.exe Startdate: 10/03/2025 Architecture: WINDOWS Score: 100 33 www.suheylamoda.xyz 2->33 35 www.specialblockchain.xyz 2->35 37 16 other IPs or domains 2->37 45 Suricata IDS alerts for network traffic 2->45 47 Antivirus detection for URL or domain 2->47 49 Antivirus / Scanner detection for submitted sample 2->49 53 5 other signatures 2->53 10 ulQGCeP6wq.exe 3 2->10         started        signatures3 51 Performs DNS queries to domains with low reputation 35->51 process4 file5 31 C:\Users\user\AppData\...\ulQGCeP6wq.exe.log, ASCII 10->31 dropped 67 Injects a PE file into a foreign processes 10->67 14 ulQGCeP6wq.exe 10->14         started        17 ulQGCeP6wq.exe 10->17         started        signatures6 process7 signatures8 69 Maps a DLL or memory area into another process 14->69 19 L2mAf1MzZG7.exe 14->19 injected process9 signatures10 55 Found direct / indirect Syscall (likely to bypass EDR) 19->55 22 wiaacmgr.exe 13 19->22         started        process11 signatures12 57 Tries to steal Mail credentials (via file / registry access) 22->57 59 Tries to harvest and steal browser information (history, passwords, etc) 22->59 61 Modifies the context of a thread in another process (thread injection) 22->61 63 3 other signatures 22->63 25 L2mAf1MzZG7.exe 22->25 injected 29 firefox.exe 22->29         started        process13 dnsIp14 39 www.nextpeak.site 203.161.42.73, 49722, 49723, 49724 VNPT-AS-VNVNPTCorpVN Malaysia 25->39 41 www.boldproductspot.shop 199.115.115.2, 49718, 49719, 49720 LEASEWEB-USA-WDCUS United States 25->41 43 7 other IPs or domains 25->43 65 Found direct / indirect Syscall (likely to bypass EDR) 25->65 signatures15

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.