Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
7zKn77RsRX.exe

Overview

General Information

Sample name:7zKn77RsRX.exe
renamed because original name is a hash value
Original sample name:0e94ca98203135b33c4782070ea0a94396077255b6d66f9f36d0ceffe007d6a7.exe
Analysis ID:1634649
MD5:caac12a8255d2c3be867df086635e468
SHA1:40591e1f18ebccc6d1251e7f01639ea23e88075e
SHA256:0e94ca98203135b33c4782070ea0a94396077255b6d66f9f36d0ceffe007d6a7
Tags:exeuser-adrian__luca
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • 7zKn77RsRX.exe (PID: 8596 cmdline: "C:\Users\user\Desktop\7zKn77RsRX.exe" MD5: CAAC12A8255D2C3BE867DF086635E468)
    • 7zKn77RsRX.exe (PID: 8640 cmdline: "C:\Users\user\Desktop\7zKn77RsRX.exe" MD5: CAAC12A8255D2C3BE867DF086635E468)
      • hPIFXCuRV9.exe (PID: 6312 cmdline: "C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\d4gJErDydzT.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
        • rekeywiz.exe (PID: 9180 cmdline: "C:\Windows\SysWOW64\rekeywiz.exe" MD5: 89AF1348B5D168DE820BD37C3A263D85)
          • hPIFXCuRV9.exe (PID: 6468 cmdline: "C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\gmtQG2zTZ.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
          • firefox.exe (PID: 2652 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.3785605979.0000000000400000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000001.00000002.1729468117.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000007.00000002.3788440303.0000000004BA0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000006.00000002.3786668154.0000000000910000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000005.00000002.3786643946.00000000047F0000.00000040.00000001.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 4 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            1.2.7zKn77RsRX.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
              1.2.7zKn77RsRX.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-03-11T02:57:50.051031+010028554651A Network Trojan was detected192.168.2.554201104.21.44.13680TCP
                2025-03-11T02:58:13.601525+010028554651A Network Trojan was detected192.168.2.554206144.76.229.20380TCP
                2025-03-11T02:58:27.051373+010028554651A Network Trojan was detected192.168.2.554210194.58.112.17480TCP
                2025-03-11T02:58:41.297537+010028554651A Network Trojan was detected192.168.2.55421447.83.1.9080TCP
                2025-03-11T02:58:54.882972+010028554651A Network Trojan was detected192.168.2.554218188.114.96.380TCP
                2025-03-11T02:59:08.497424+010028554651A Network Trojan was detected192.168.2.554222188.114.96.380TCP
                2025-03-11T02:59:21.898019+010028554651A Network Trojan was detected192.168.2.55422681.88.63.4680TCP
                2025-03-11T02:59:35.364988+010028554651A Network Trojan was detected192.168.2.55423066.29.133.19980TCP
                2025-03-11T02:59:56.944848+010028554651A Network Trojan was detected192.168.2.55423413.248.169.4880TCP
                2025-03-11T03:00:10.367605+010028554651A Network Trojan was detected192.168.2.554238199.59.243.16080TCP
                2025-03-11T03:00:23.706465+010028554651A Network Trojan was detected192.168.2.554242199.115.118.780TCP
                2025-03-11T03:00:37.132339+010028554651A Network Trojan was detected192.168.2.554246104.21.64.180TCP
                2025-03-11T03:00:50.525281+010028554651A Network Trojan was detected192.168.2.554250217.160.0.2480TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-03-11T02:58:05.791431+010028554641A Network Trojan was detected192.168.2.554203144.76.229.20380TCP
                2025-03-11T02:58:08.352145+010028554641A Network Trojan was detected192.168.2.554204144.76.229.20380TCP
                2025-03-11T02:58:10.940870+010028554641A Network Trojan was detected192.168.2.554205144.76.229.20380TCP
                2025-03-11T02:58:19.408373+010028554641A Network Trojan was detected192.168.2.554207194.58.112.17480TCP
                2025-03-11T02:58:21.968590+010028554641A Network Trojan was detected192.168.2.554208194.58.112.17480TCP
                2025-03-11T02:58:24.499600+010028554641A Network Trojan was detected192.168.2.554209194.58.112.17480TCP
                2025-03-11T02:58:33.532786+010028554641A Network Trojan was detected192.168.2.55421147.83.1.9080TCP
                2025-03-11T02:58:36.177739+010028554641A Network Trojan was detected192.168.2.55421247.83.1.9080TCP
                2025-03-11T02:58:38.668395+010028554641A Network Trojan was detected192.168.2.55421347.83.1.9080TCP
                2025-03-11T02:58:46.965579+010028554641A Network Trojan was detected192.168.2.554215188.114.96.380TCP
                2025-03-11T02:58:49.563711+010028554641A Network Trojan was detected192.168.2.554216188.114.96.380TCP
                2025-03-11T02:58:52.303310+010028554641A Network Trojan was detected192.168.2.554217188.114.96.380TCP
                2025-03-11T02:59:00.952230+010028554641A Network Trojan was detected192.168.2.554219188.114.96.380TCP
                2025-03-11T02:59:03.573770+010028554641A Network Trojan was detected192.168.2.554220188.114.96.380TCP
                2025-03-11T02:59:05.858627+010028554641A Network Trojan was detected192.168.2.554221188.114.96.380TCP
                2025-03-11T02:59:14.205346+010028554641A Network Trojan was detected192.168.2.55422381.88.63.4680TCP
                2025-03-11T02:59:16.765462+010028554641A Network Trojan was detected192.168.2.55422481.88.63.4680TCP
                2025-03-11T02:59:19.321294+010028554641A Network Trojan was detected192.168.2.55422581.88.63.4680TCP
                2025-03-11T02:59:27.719794+010028554641A Network Trojan was detected192.168.2.55422766.29.133.19980TCP
                2025-03-11T02:59:30.272499+010028554641A Network Trojan was detected192.168.2.55422866.29.133.19980TCP
                2025-03-11T02:59:32.805552+010028554641A Network Trojan was detected192.168.2.55422966.29.133.19980TCP
                2025-03-11T02:59:48.950451+010028554641A Network Trojan was detected192.168.2.55423113.248.169.4880TCP
                2025-03-11T02:59:51.706047+010028554641A Network Trojan was detected192.168.2.55423213.248.169.4880TCP
                2025-03-11T02:59:54.341976+010028554641A Network Trojan was detected192.168.2.55423313.248.169.4880TCP
                2025-03-11T03:00:02.596892+010028554641A Network Trojan was detected192.168.2.554235199.59.243.16080TCP
                2025-03-11T03:00:05.205450+010028554641A Network Trojan was detected192.168.2.554236199.59.243.16080TCP
                2025-03-11T03:00:07.769543+010028554641A Network Trojan was detected192.168.2.554237199.59.243.16080TCP
                2025-03-11T03:00:16.066074+010028554641A Network Trojan was detected192.168.2.554239199.115.118.780TCP
                2025-03-11T03:00:18.613291+010028554641A Network Trojan was detected192.168.2.554240199.115.118.780TCP
                2025-03-11T03:00:21.182388+010028554641A Network Trojan was detected192.168.2.554241199.115.118.780TCP
                2025-03-11T03:00:29.400807+010028554641A Network Trojan was detected192.168.2.554243104.21.64.180TCP
                2025-03-11T03:00:31.969915+010028554641A Network Trojan was detected192.168.2.554244104.21.64.180TCP
                2025-03-11T03:00:34.505998+010028554641A Network Trojan was detected192.168.2.554245104.21.64.180TCP
                2025-03-11T03:00:42.830118+010028554641A Network Trojan was detected192.168.2.554247217.160.0.2480TCP
                2025-03-11T03:00:45.391773+010028554641A Network Trojan was detected192.168.2.554248217.160.0.2480TCP
                2025-03-11T03:00:47.936977+010028554641A Network Trojan was detected192.168.2.554249217.160.0.2480TCP
                2025-03-11T03:00:56.101757+010028554641A Network Trojan was detected192.168.2.55425184.32.84.3280TCP
                2025-03-11T03:00:58.641788+010028554641A Network Trojan was detected192.168.2.55425284.32.84.3280TCP
                2025-03-11T03:01:01.202604+010028554641A Network Trojan was detected192.168.2.55425384.32.84.3280TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus / Scanner detection for submitted sample
                Source: 7zKn77RsRX.exeAvira: detected
                Antivirus detection for URL or domain
                Source: http://www.031234990.xyz/ke4e/Avira URL Cloud: Label: malware
                Source: http://www.031234990.xyz/ke4e/?md=Dd6dmEnwJGfYT0rNhn1NB1b+I6SwAwN4NY0E8cNSqGHJ6me6c02fUEuS6yOsUhW9B84bafP+dgEyFYbDj8j1Jbm7E6HYjvmtz7jlcA+QHJYQjw5jiZY6KM87EVvxti1SOg==&Cr=J8qpF4JpuVoDAvira URL Cloud: Label: malware
                Source: http://www.maplez.online/d762/?md=hkRV+G/BOAk0D4BpTlV9Zaghp2TJbbj6KayKBaJB/kftfSF33fCtFyI7KdPoKzo9B/N+2BkDoP6YUI3kBM+o+4/m03MDjSkLHqT7pwo9IYLjuo2qfU6lrHP7DWIdM6tG0g==&Cr=J8qpF4JpuVoDAvira URL Cloud: Label: malware
                Source: http://www.manicure-nano.sbs/xe9a/Avira URL Cloud: Label: malware
                Source: http://www.trustai.chatAvira URL Cloud: Label: malware
                Source: http://www.manicure-nano.sbs/xe9a/?md=Js9MLFVrvPDnd5+ni8ZygkxzaO0VIjRaNA+bq5u28njuOQOlbcuyRwAKZGYdeAPN2eXOdFkY4BsziTYcIA5zHutyq7Zc3ZwfgxtgIxy+jeXHk02VGxcHqOP/uaoOFrqI9A==&Cr=J8qpF4JpuVoDAvira URL Cloud: Label: malware
                Source: http://www.trustai.chat/kv4n/Avira URL Cloud: Label: malware
                Source: http://www.serenityos.dev/dntg/?md=Xi77pNpzRwduTXf13DwoRl9ks24bE/OoZO8jI9GlbI12YargANeHXOwJPk3kluRPu8INtGeEgdhJoy+Tym0PkrzaUGcuo7JKicDbYlI+ZuO8OJQcFnH3arVLFbwMDqvOCg==&Cr=J8qpF4JpuVoDAvira URL Cloud: Label: malware
                Source: http://www.serenityos.dev/dntg/Avira URL Cloud: Label: malware
                Source: http://www.maplez.online/d762/Avira URL Cloud: Label: malware
                Multi AV Scanner detection for submitted file
                Source: 7zKn77RsRX.exeVirustotal: Detection: 80%Perma Link
                Source: 7zKn77RsRX.exeReversingLabs: Detection: 73%
                Yara detected FormBook
                Source: Yara matchFile source: 1.2.7zKn77RsRX.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.7zKn77RsRX.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.3785605979.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.1729468117.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3788440303.0000000004BA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3786668154.0000000000910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.3786643946.00000000047F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.1730366209.0000000001590000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3786884212.0000000004370000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.1732619227.0000000003850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Joe Sandbox ML detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: 7zKn77RsRX.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 7zKn77RsRX.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: UvSY.pdb source: rekeywiz.exe, 00000006.00000002.3786807100.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000002.3787482363.0000000004C3C000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.000000000276C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2038323521.00000000275DC000.00000004.80000000.00040000.00000000.sdmp, 7zKn77RsRX.exe
                Source: Binary string: rekeywiz.pdb source: 7zKn77RsRX.exe, 00000001.00000002.1729881677.0000000001347000.00000004.00000020.00020000.00000000.sdmp, hPIFXCuRV9.exe, 00000005.00000002.3786104434.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: 7zKn77RsRX.exe, 00000001.00000002.1730585582.0000000001600000.00000040.00001000.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000002.3787086291.00000000047AE000.00000040.00001000.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000003.1732328501.000000000445F000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000003.1729868273.00000000042A9000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000002.3787086291.0000000004610000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: 7zKn77RsRX.exe, 7zKn77RsRX.exe, 00000001.00000002.1730585582.0000000001600000.00000040.00001000.00020000.00000000.sdmp, rekeywiz.exe, rekeywiz.exe, 00000006.00000002.3787086291.00000000047AE000.00000040.00001000.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000003.1732328501.000000000445F000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000003.1729868273.00000000042A9000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000002.3787086291.0000000004610000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: rekeywiz.pdbGCTL source: 7zKn77RsRX.exe, 00000001.00000002.1729881677.0000000001347000.00000004.00000020.00020000.00000000.sdmp, hPIFXCuRV9.exe, 00000005.00000002.3786104434.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: UvSY.pdbSHA256 source: rekeywiz.exe, 00000006.00000002.3786807100.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000002.3787482363.0000000004C3C000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.000000000276C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2038323521.00000000275DC000.00000004.80000000.00040000.00000000.sdmp, 7zKn77RsRX.exe
                Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: hPIFXCuRV9.exe, 00000005.00000000.1648813193.000000000062F000.00000002.00000001.01000000.0000000A.sdmp, hPIFXCuRV9.exe, 00000007.00000000.1808015536.000000000062F000.00000002.00000001.01000000.0000000A.sdmp
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0041C780 FindFirstFileW,FindNextFileW,FindClose,6_2_0041C780
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 4x nop then xor eax, eax6_2_00409FF0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 4x nop then pop edi6_2_0040E313
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 4x nop then mov ebx, 00000004h6_2_044704E8

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54249 -> 217.160.0.24:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54220 -> 188.114.96.3:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:54214 -> 47.83.1.90:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54243 -> 104.21.64.1:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54245 -> 104.21.64.1:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54228 -> 66.29.133.199:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54216 -> 188.114.96.3:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54237 -> 199.59.243.160:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54231 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:54201 -> 104.21.44.136:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:54210 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54208 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:54234 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54215 -> 188.114.96.3:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54221 -> 188.114.96.3:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54219 -> 188.114.96.3:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:54226 -> 81.88.63.46:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54217 -> 188.114.96.3:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54223 -> 81.88.63.46:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54235 -> 199.59.243.160:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:54246 -> 104.21.64.1:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54204 -> 144.76.229.203:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54205 -> 144.76.229.203:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54227 -> 66.29.133.199:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54224 -> 81.88.63.46:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54225 -> 81.88.63.46:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54253 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54207 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54236 -> 199.59.243.160:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54213 -> 47.83.1.90:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54209 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54247 -> 217.160.0.24:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54212 -> 47.83.1.90:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54203 -> 144.76.229.203:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54211 -> 47.83.1.90:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54252 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:54230 -> 66.29.133.199:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:54222 -> 188.114.96.3:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54239 -> 199.115.118.7:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:54218 -> 188.114.96.3:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:54250 -> 217.160.0.24:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54229 -> 66.29.133.199:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54232 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:54238 -> 199.59.243.160:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54251 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:54242 -> 199.115.118.7:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:54206 -> 144.76.229.203:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54233 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54244 -> 104.21.64.1:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54248 -> 217.160.0.24:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54241 -> 199.115.118.7:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:54240 -> 199.115.118.7:80
                Performs DNS queries to domains with low reputation
                Source: DNS query: www.031234990.xyz
                Source: DNS query: www.bitcoinescort.xyz
                Source: DNS query: www.chivor.xyz
                Source: global trafficTCP traffic: 192.168.2.5:54198 -> 1.1.1.1:53
                Source: Joe Sandbox ViewIP Address: 144.76.229.203 144.76.229.203
                Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /0dsh/?md=+zxjW1iBImYrmxMKsluZzWs779EkbColwQIGqFJVLL47+971w1Z0xPL+QWMSocRfBt2JXyMCIRyNiq0Ag6okKHq8Rzv7A3X0ZUeceT+gixUVrTQWLgCC+YloXeRo/w8LEw==&Cr=J8qpF4JpuVoD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.rtphajar4d.artUser-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; SAMSUNG-SM-G730A Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /ke4e/?md=Dd6dmEnwJGfYT0rNhn1NB1b+I6SwAwN4NY0E8cNSqGHJ6me6c02fUEuS6yOsUhW9B84bafP+dgEyFYbDj8j1Jbm7E6HYjvmtz7jlcA+QHJYQjw5jiZY6KM87EVvxti1SOg==&Cr=J8qpF4JpuVoD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.031234990.xyzUser-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; SAMSUNG-SM-G730A Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /d762/?md=hkRV+G/BOAk0D4BpTlV9Zaghp2TJbbj6KayKBaJB/kftfSF33fCtFyI7KdPoKzo9B/N+2BkDoP6YUI3kBM+o+4/m03MDjSkLHqT7pwo9IYLjuo2qfU6lrHP7DWIdM6tG0g==&Cr=J8qpF4JpuVoD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.maplez.onlineUser-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; SAMSUNG-SM-G730A Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /m8lo/?md=m1vFK/mlzoHXB5iIT/4pV5eXQw+5dQVbig4BjA8M6e3iMb4NR2P77o5JKU5yngt7Hnt/Z6ee0Wr1g/mbOq1Kga0g/7UNvmqjpSKbr7lDVaeXcKIJwkCjrzKOeKsev/fYBg==&Cr=J8qpF4JpuVoD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.fjlgyc.infoUser-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; SAMSUNG-SM-G730A Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /j4nd/?Cr=J8qpF4JpuVoD&md=Zv7P5UkplQS3gZpNK0GTgXvj8S3R+56DsM8bbUuTW8va69qevRvmeS/O8w0HDMJd4EBrojoRdS1V6iw8mI/FE5fObApSSYxv/5JhhUvMhKui1rsdxrcFqbkkDYyu0swrDg== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.timeinsardinia.infoUser-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; SAMSUNG-SM-G730A Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /dntg/?md=Xi77pNpzRwduTXf13DwoRl9ks24bE/OoZO8jI9GlbI12YargANeHXOwJPk3kluRPu8INtGeEgdhJoy+Tym0PkrzaUGcuo7JKicDbYlI+ZuO8OJQcFnH3arVLFbwMDqvOCg==&Cr=J8qpF4JpuVoD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.serenityos.devUser-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; SAMSUNG-SM-G730A Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /dmu8/?Cr=J8qpF4JpuVoD&md=j2ab8T4EViWZohCnBwhVwaGdxUAjzgy+aycX/kw+zIuMf56ydLRZwbycde0IxBLkuZP/zJ1mZ9d6k65vaqZpKstArBeS+lAulWgvztORu/RxtDvC5f5nkyZDapKBHQN/Ew== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.gariano.infoUser-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; SAMSUNG-SM-G730A Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /ugcm/?md=+Mro/JB6BhJFqTMd0ang/wVLV2E+oJ7wMUPZvLSLc3TvuKStlHp8QYSE7EwNC2ygaqr0GTj9OkHh8yq2sE0vQt1aZWdOHsrxyMmSQDcVRnWjueGNJcXHbCCnQZ8+c1KQjw==&Cr=J8qpF4JpuVoD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.pekedge.topUser-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; SAMSUNG-SM-G730A Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /v6v3/?md=Scilcz+fkn4y7RVxgufG4gfwjjEO6i/Ev/FM7PZX7jvWdgJLX7gHoh74KE28szua6I6e+38loqz+boqqPhoJfv+hnsJizcJxaW8c0oJqIw90tK+yHl9tToo1fKglQjKgFA==&Cr=J8qpF4JpuVoD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.chivor.xyzUser-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; SAMSUNG-SM-G730A Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /xe9a/?md=Js9MLFVrvPDnd5+ni8ZygkxzaO0VIjRaNA+bq5u28njuOQOlbcuyRwAKZGYdeAPN2eXOdFkY4BsziTYcIA5zHutyq7Zc3ZwfgxtgIxy+jeXHk02VGxcHqOP/uaoOFrqI9A==&Cr=J8qpF4JpuVoD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.manicure-nano.sbsUser-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; SAMSUNG-SM-G730A Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /1u2i/?md=gMEky3UZODoSOeRyyKKoFSUFc5Wd2NDSBoWk09z7v4nL8zRDvGRxfRUeJniwpg4MO/9QihDkhXdDJP//QI200js/+DBmLj3DJAUsU5M1WXFEYXGYjyRBOTsdnekFhjVTJQ==&Cr=J8qpF4JpuVoD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.stellaritemvault.shopUser-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; SAMSUNG-SM-G730A Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /3nis/?md=7Jez/f8BRsPhvFRcTYEfxOkzfWBvvrnmo+4qP8uldvbHjjygNPFvdo5E4tKnf+Ij1qWwstrtA/xMUYgdGo9DgJw2XQs/LF7B4YOp70rx2vwo1mDzGB0jVDSfNcH81MJNEg==&Cr=J8qpF4JpuVoD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.newanthoperso.shopUser-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; SAMSUNG-SM-G730A Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /4bhb/?md=ZuVXrFfVeBe+YJ0ZOq0/sASeBgLfDDGu3ejCsbmND5jzJttXNVhYEZop6BICr2L9WZe/G5Dxt1+IJXHWghlJXut74NdL9hfjQQRXm1ax/fiMKbzS+pFCavF48QWpiwlGHA==&Cr=J8qpF4JpuVoD HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.birbacher.onlineUser-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; SAMSUNG-SM-G730A Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficDNS traffic detected: DNS query: www.rtphajar4d.art
                Source: global trafficDNS traffic detected: DNS query: www.031234990.xyz
                Source: global trafficDNS traffic detected: DNS query: www.maplez.online
                Source: global trafficDNS traffic detected: DNS query: www.fjlgyc.info
                Source: global trafficDNS traffic detected: DNS query: www.timeinsardinia.info
                Source: global trafficDNS traffic detected: DNS query: www.serenityos.dev
                Source: global trafficDNS traffic detected: DNS query: www.gariano.info
                Source: global trafficDNS traffic detected: DNS query: www.pekedge.top
                Source: global trafficDNS traffic detected: DNS query: www.bitcoinescort.xyz
                Source: global trafficDNS traffic detected: DNS query: www.chivor.xyz
                Source: global trafficDNS traffic detected: DNS query: www.manicure-nano.sbs
                Source: global trafficDNS traffic detected: DNS query: www.stellaritemvault.shop
                Source: global trafficDNS traffic detected: DNS query: www.newanthoperso.shop
                Source: global trafficDNS traffic detected: DNS query: www.birbacher.online
                Source: global trafficDNS traffic detected: DNS query: www.trustai.chat
                Source: unknownHTTP traffic detected: POST /ke4e/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Length: 203Content-Type: application/x-www-form-urlencodedConnection: closeCache-Control: max-age=0Host: www.031234990.xyzOrigin: http://www.031234990.xyzReferer: http://www.031234990.xyz/ke4e/User-Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; SAMSUNG-SM-G730A Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30Data Raw: 6d 64 3d 4f 66 53 39 6c 79 62 2b 4e 31 61 61 55 32 4f 75 72 6d 68 46 46 48 37 6c 52 6f 65 4e 48 48 68 73 56 6f 38 37 77 4d 34 65 73 78 4f 6f 73 31 4f 59 54 42 6e 6c 63 6c 71 55 2f 42 65 41 54 45 54 4d 63 63 41 34 63 63 4c 65 45 57 4e 4a 45 4c 79 34 74 63 37 59 66 5a 71 4d 54 73 66 39 76 75 4c 30 33 62 61 68 51 6a 48 6d 50 74 63 61 68 69 34 47 79 4a 41 55 46 66 30 2b 50 77 66 54 6c 43 67 35 66 56 56 4b 34 47 67 75 39 44 7a 71 4b 57 47 6d 54 72 2b 74 52 36 59 36 56 49 70 64 68 56 4e 71 71 45 78 50 74 65 31 57 5a 6b 67 79 63 5a 36 78 50 76 70 54 56 52 70 2b 70 49 32 68 57 45 6e 74 52 59 38 41 53 32 41 3d Data Ascii: md=OfS9lyb+N1aaU2OurmhFFH7lRoeNHHhsVo87wM4esxOos1OYTBnlclqU/BeATETMccA4ccLeEWNJELy4tc7YfZqMTsf9vuL03bahQjHmPtcahi4GyJAUFf0+PwfTlCg5fVVK4Ggu9DzqKWGmTr+tR6Y6VIpdhVNqqExPte1WZkgycZ6xPvpTVRp+pI2hWEntRY8AS2A=
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:57:50 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeAccept-Ranges: bytesCache-Control: no-cache, no-store, must-revalidatePragma: no-cacheExpires: 0cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZPqHqvBZddQJON63GDl%2B6ZpjZZQBXxqRLD7p3NEU83HNLrI%2F4kJsjvyNcMAFtNoR90znLPzuy%2BaMUB%2BA90XnX8Sam2FTCMF4hxjSFEgg9TKMIZ68ZsyPsdDpuaObC2KDJ3A4m64%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91e7717a496f42eb-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1832&min_rtt=1832&rtt_var=916&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=548&delivery_rate=0&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 61 33 39 0d 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f Data Ascii: 2a39<!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="0"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>404 No
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:58:05 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:58:08 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:58:10 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:58:13 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 01:58:19 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 64 39 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 5b 8f db c6 15 7e f7 af 18 ab c0 4a b2 45 32 9b 14 81 ed 95 b4 4d e2 f4 29 97 02 eb b4 28 36 1b 61 44 8d 24 5a 14 c9 92 d4 ca b2 bd 40 62 27 4d 82 18 31 9a 06 28 10 34 e8 0d 45 9f 0a ac 2f db 6c 7c d9 fc 05 ea 1f f5 3b 67 48 8a d2 4a eb 4b 9c a2 02 76 45 cd e5 cc 99 73 f9 ce 39 33 ac 9f ee f8 76 3c 09 94 e8 c7 43 b7 59 a7 ff c2 76 65 14 35 4a 4e d4 92 1d 19 c4 ce ae 2a 09 57 7a bd 46 29 1c 95 30 46 c9 4e b3 3e 54 b1 14 76 5f 86 91 8a 1b a5 f7 2e fd d2 38 87 3e 6e f5 e4 50 35 4a 81 0c 07 8e d7 2b 09 db f7 62 e5 61 50 a8 7a e1 c8 08 41 73 7e e4 ae a3 c6 81 1f c6 85 a1 63 a7 13 f7 1b 1d b5 eb d8 ca e0 1f 35 c7 73 62 47 ba 46 64 4b 57 35 d6 41 22 76 62 57 35 c7 e3 b1 39 94 81 ab ae 9a be e7 3a 9e aa 5b ba a3 8e 1f 03 11 2a b7 51 8a e2 89 ab a2 be 52 58 63 a8 3a 8e 6c 94 a4 eb 96 44 3f 54 dd 9c 53 e6 cc 90 a3 d8 37 ed 28 02 fd d9 7c 07 7b c8 46 77 25 98 f2 3d 13 ff 36 d7 4b 82 84 07 59 0d 65 4f 59 57 0c 1e d8 ac 47 76 e8 04 71 d3 3a 53 3f bd fd c6 c5 d7 2e bd b6 7d c6 3a 35 76 bc 8e 3f 36 e3 50 da 83 2d 1e f0 96 2f 3b a2 21 ba 23 cf 8e 1d df ab 54 af ed 6d 9c b2 ce ec ec 34 cf 58 75 2b 25 92 12 13 d8 1c 86 37 4a cb c9 54 ca d6 50 7a 4e 57 45 b1 79 39 2a 57 4b 18 af c2 d0 0f 9f 72 42 4d ac 63 4e 14 da 8d 52 91 10 54 92 a9 78 14 77 59 c5 cf cc 17 d9 0b b4 46 12 89 9e 9a b7 c5 49 45 fe 16 fa 4e e2 d1 d2 c6 da f6 3b 93 cc ac db 46 00 5d 09 fd d5 22 f5 b5 52 53 e5 36 36 da d9 53 ab dd 6b b9 4e af 1f c3 1e 88 96 0a 8b 74 78 70 ab 95 76 10 c9 b9 16 4d 3d 35 f8 8e b3 bb 72 aa e1 f9 31 b1 14 ab 2b 58 28 f9 3a 39 4a 1e 25 07 c9 63 91 7c 97 ec 4f 3f c4 e3 bd e4 70 fa d1 f4 06 9e 0f f1 77 94 dc 4d f6 a9 fb ee 9a d7 8e 82 8d 3a 5c 51 3b 6d db 20 ab cd 6c b5 1f c7 41 74 c1 b2 e0 79 26 7c 57 3b 83 e7 77 7d d7 f5 c7 c2 f3 fd 40 c1 4a f0 00 3f 80 b5 a8 10 f6 2c c3 1e 79 74 ab 0d 97 1f 80 99 bf d2 ea e6 f4 c3 e9 cd ba 25 9b 75 0b fb 68 d6 17 36 d3 53 ad 56 ea e6 c6 38 94 41 00 a2 a9 80 17 db 5b ec 8b 2d f8 02 30 61 e5 20 56 4b df 8f 62 20 88 11 c5 32 76 6c 28 60 61 d5 39 59 1b e9 fa a4 a7 f5 99 34 16 34 62 30 34 94 96 81 46 7f bd 59 0f 56 4f ec 28 6d c2 f0 d3 67 57 54 bd 1d 36 93 43 ad ab e4 07 52 62 f2 03 2b f6 c1 31 55 ce c9 3b 58 b5 e7 f6 28 8e 7d 2f ca 84 8d 4d 17 2c 40 77 82 4b fd 00 0d b8 7e d8 62 15 2b cf 26 3b 4b 3b 22 e7 aa 6a 41 f9 43 e9 b2 26 52 81 e6 f3 73 e1 a5 e3 59 2b 40 e3 02 89 40 76 3a d0 51 cb 25 b3 59 34 3b 82 66 6d 7a d6 b8 ef 3b 91 b5 69 f7 95 3d 68 ac 75 38 44 1c 43 ee 35 39 0c 36 30 a1 15 f9 a3 d0 56 8d 6c 7d c2 e4 52 f3 37 44 82 6c 50 14 37 4b 2e 53 64 9e 41 bb e0 89 27 6f a6 e3 0f a5 93 43 7b e6 2e 05 be f5 00 cb 53 63 6b 73 14 0f 33 ce 8e b3 4e 9d 14 5a 46 c3 8c ed 35 6a b2 b1 25 e9 f4 bc 46 04 11 79 9d 16 08 9d bc cb e4 ef 30 89 ff 24 07 62 fa 49 72 34 fd 74 7a 53 24 f7 33 38 38 5d f0 c0 28 90 de 12 6b 0d 42 7f e
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 01:58:21 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 64 39 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 5b 8f db c6 15 7e f7 af 18 ab c0 4a b2 45 32 9b 14 81 ed 95 b4 4d e2 f4 29 97 02 eb b4 28 36 1b 61 44 8d 24 5a 14 c9 92 d4 ca b2 bd 40 62 27 4d 82 18 31 9a 06 28 10 34 e8 0d 45 9f 0a ac 2f db 6c 7c d9 fc 05 ea 1f f5 3b 67 48 8a d2 4a eb 4b 9c a2 02 76 45 cd e5 cc 99 73 f9 ce 39 33 ac 9f ee f8 76 3c 09 94 e8 c7 43 b7 59 a7 ff c2 76 65 14 35 4a 4e d4 92 1d 19 c4 ce ae 2a 09 57 7a bd 46 29 1c 95 30 46 c9 4e b3 3e 54 b1 14 76 5f 86 91 8a 1b a5 f7 2e fd d2 38 87 3e 6e f5 e4 50 35 4a 81 0c 07 8e d7 2b 09 db f7 62 e5 61 50 a8 7a e1 c8 08 41 73 7e e4 ae a3 c6 81 1f c6 85 a1 63 a7 13 f7 1b 1d b5 eb d8 ca e0 1f 35 c7 73 62 47 ba 46 64 4b 57 35 d6 41 22 76 62 57 35 c7 e3 b1 39 94 81 ab ae 9a be e7 3a 9e aa 5b ba a3 8e 1f 03 11 2a b7 51 8a e2 89 ab a2 be 52 58 63 a8 3a 8e 6c 94 a4 eb 96 44 3f 54 dd 9c 53 e6 cc 90 a3 d8 37 ed 28 02 fd d9 7c 07 7b c8 46 77 25 98 f2 3d 13 ff 36 d7 4b 82 84 07 59 0d 65 4f 59 57 0c 1e d8 ac 47 76 e8 04 71 d3 3a 53 3f bd fd c6 c5 d7 2e bd b6 7d c6 3a 35 76 bc 8e 3f 36 e3 50 da 83 2d 1e f0 96 2f 3b a2 21 ba 23 cf 8e 1d df ab 54 af ed 6d 9c b2 ce ec ec 34 cf 58 75 2b 25 92 12 13 d8 1c 86 37 4a cb c9 54 ca d6 50 7a 4e 57 45 b1 79 39 2a 57 4b 18 af c2 d0 0f 9f 72 42 4d ac 63 4e 14 da 8d 52 91 10 54 92 a9 78 14 77 59 c5 cf cc 17 d9 0b b4 46 12 89 9e 9a b7 c5 49 45 fe 16 fa 4e e2 d1 d2 c6 da f6 3b 93 cc ac db 46 00 5d 09 fd d5 22 f5 b5 52 53 e5 36 36 da d9 53 ab dd 6b b9 4e af 1f c3 1e 88 96 0a 8b 74 78 70 ab 95 76 10 c9 b9 16 4d 3d 35 f8 8e b3 bb 72 aa e1 f9 31 b1 14 ab 2b 58 28 f9 3a 39 4a 1e 25 07 c9 63 91 7c 97 ec 4f 3f c4 e3 bd e4 70 fa d1 f4 06 9e 0f f1 77 94 dc 4d f6 a9 fb ee 9a d7 8e 82 8d 3a 5c 51 3b 6d db 20 ab cd 6c b5 1f c7 41 74 c1 b2 e0 79 26 7c 57 3b 83 e7 77 7d d7 f5 c7 c2 f3 fd 40 c1 4a f0 00 3f 80 b5 a8 10 f6 2c c3 1e 79 74 ab 0d 97 1f 80 99 bf d2 ea e6 f4 c3 e9 cd ba 25 9b 75 0b fb 68 d6 17 36 d3 53 ad 56 ea e6 c6 38 94 41 00 a2 a9 80 17 db 5b ec 8b 2d f8 02 30 61 e5 20 56 4b df 8f 62 20 88 11 c5 32 76 6c 28 60 61 d5 39 59 1b e9 fa a4 a7 f5 99 34 16 34 62 30 34 94 96 81 46 7f bd 59 0f 56 4f ec 28 6d c2 f0 d3 67 57 54 bd 1d 36 93 43 ad ab e4 07 52 62 f2 03 2b f6 c1 31 55 ce c9 3b 58 b5 e7 f6 28 8e 7d 2f ca 84 8d 4d 17 2c 40 77 82 4b fd 00 0d b8 7e d8 62 15 2b cf 26 3b 4b 3b 22 e7 aa 6a 41 f9 43 e9 b2 26 52 81 e6 f3 73 e1 a5 e3 59 2b 40 e3 02 89 40 76 3a d0 51 cb 25 b3 59 34 3b 82 66 6d 7a d6 b8 ef 3b 91 b5 69 f7 95 3d 68 ac 75 38 44 1c 43 ee 35 39 0c 36 30 a1 15 f9 a3 d0 56 8d 6c 7d c2 e4 52 f3 37 44 82 6c 50 14 37 4b 2e 53 64 9e 41 bb e0 89 27 6f a6 e3 0f a5 93 43 7b e6 2e 05 be f5 00 cb 53 63 6b 73 14 0f 33 ce 8e b3 4e 9d 14 5a 46 c3 8c ed 35 6a b2 b1 25 e9 f4 bc 46 04 11 79 9d 16 08 9d bc cb e4 ef 30 89 ff 24 07 62 fa 49 72 34 fd 74 7a 53 24 f7 33 38 38 5d f0 c0 28 90 de 12 6b 0d 42 7f e
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 01:58:24 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 64 39 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 5b 8f db c6 15 7e f7 af 18 ab c0 4a b2 45 32 9b 14 81 ed 95 b4 4d e2 f4 29 97 02 eb b4 28 36 1b 61 44 8d 24 5a 14 c9 92 d4 ca b2 bd 40 62 27 4d 82 18 31 9a 06 28 10 34 e8 0d 45 9f 0a ac 2f db 6c 7c d9 fc 05 ea 1f f5 3b 67 48 8a d2 4a eb 4b 9c a2 02 76 45 cd e5 cc 99 73 f9 ce 39 33 ac 9f ee f8 76 3c 09 94 e8 c7 43 b7 59 a7 ff c2 76 65 14 35 4a 4e d4 92 1d 19 c4 ce ae 2a 09 57 7a bd 46 29 1c 95 30 46 c9 4e b3 3e 54 b1 14 76 5f 86 91 8a 1b a5 f7 2e fd d2 38 87 3e 6e f5 e4 50 35 4a 81 0c 07 8e d7 2b 09 db f7 62 e5 61 50 a8 7a e1 c8 08 41 73 7e e4 ae a3 c6 81 1f c6 85 a1 63 a7 13 f7 1b 1d b5 eb d8 ca e0 1f 35 c7 73 62 47 ba 46 64 4b 57 35 d6 41 22 76 62 57 35 c7 e3 b1 39 94 81 ab ae 9a be e7 3a 9e aa 5b ba a3 8e 1f 03 11 2a b7 51 8a e2 89 ab a2 be 52 58 63 a8 3a 8e 6c 94 a4 eb 96 44 3f 54 dd 9c 53 e6 cc 90 a3 d8 37 ed 28 02 fd d9 7c 07 7b c8 46 77 25 98 f2 3d 13 ff 36 d7 4b 82 84 07 59 0d 65 4f 59 57 0c 1e d8 ac 47 76 e8 04 71 d3 3a 53 3f bd fd c6 c5 d7 2e bd b6 7d c6 3a 35 76 bc 8e 3f 36 e3 50 da 83 2d 1e f0 96 2f 3b a2 21 ba 23 cf 8e 1d df ab 54 af ed 6d 9c b2 ce ec ec 34 cf 58 75 2b 25 92 12 13 d8 1c 86 37 4a cb c9 54 ca d6 50 7a 4e 57 45 b1 79 39 2a 57 4b 18 af c2 d0 0f 9f 72 42 4d ac 63 4e 14 da 8d 52 91 10 54 92 a9 78 14 77 59 c5 cf cc 17 d9 0b b4 46 12 89 9e 9a b7 c5 49 45 fe 16 fa 4e e2 d1 d2 c6 da f6 3b 93 cc ac db 46 00 5d 09 fd d5 22 f5 b5 52 53 e5 36 36 da d9 53 ab dd 6b b9 4e af 1f c3 1e 88 96 0a 8b 74 78 70 ab 95 76 10 c9 b9 16 4d 3d 35 f8 8e b3 bb 72 aa e1 f9 31 b1 14 ab 2b 58 28 f9 3a 39 4a 1e 25 07 c9 63 91 7c 97 ec 4f 3f c4 e3 bd e4 70 fa d1 f4 06 9e 0f f1 77 94 dc 4d f6 a9 fb ee 9a d7 8e 82 8d 3a 5c 51 3b 6d db 20 ab cd 6c b5 1f c7 41 74 c1 b2 e0 79 26 7c 57 3b 83 e7 77 7d d7 f5 c7 c2 f3 fd 40 c1 4a f0 00 3f 80 b5 a8 10 f6 2c c3 1e 79 74 ab 0d 97 1f 80 99 bf d2 ea e6 f4 c3 e9 cd ba 25 9b 75 0b fb 68 d6 17 36 d3 53 ad 56 ea e6 c6 38 94 41 00 a2 a9 80 17 db 5b ec 8b 2d f8 02 30 61 e5 20 56 4b df 8f 62 20 88 11 c5 32 76 6c 28 60 61 d5 39 59 1b e9 fa a4 a7 f5 99 34 16 34 62 30 34 94 96 81 46 7f bd 59 0f 56 4f ec 28 6d c2 f0 d3 67 57 54 bd 1d 36 93 43 ad ab e4 07 52 62 f2 03 2b f6 c1 31 55 ce c9 3b 58 b5 e7 f6 28 8e 7d 2f ca 84 8d 4d 17 2c 40 77 82 4b fd 00 0d b8 7e d8 62 15 2b cf 26 3b 4b 3b 22 e7 aa 6a 41 f9 43 e9 b2 26 52 81 e6 f3 73 e1 a5 e3 59 2b 40 e3 02 89 40 76 3a d0 51 cb 25 b3 59 34 3b 82 66 6d 7a d6 b8 ef 3b 91 b5 69 f7 95 3d 68 ac 75 38 44 1c 43 ee 35 39 0c 36 30 a1 15 f9 a3 d0 56 8d 6c 7d c2 e4 52 f3 37 44 82 6c 50 14 37 4b 2e 53 64 9e 41 bb e0 89 27 6f a6 e3 0f a5 93 43 7b e6 2e 05 be f5 00 cb 53 63 6b 73 14 0f 33 ce 8e b3 4e 9d 14 5a 46 c3 8c ed 35 6a b2 b1 25 e9 f4 bc 46 04 11 79 9d 16 08 9d bc cb e4 ef 30 89 ff 24 07 62 fa 49 72 34 fd 74 7a 53 24 f7 33 38 38 5d f0 c0 28 90 de 12 6b 0d 42 7f e
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 01:58:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeData Raw: 32 36 37 66 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 6d 61 70 6c 65 7a 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 3c 73 63 72 69 70 74 3e 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 0a 2f 2a 5d 5d 3e 2a 2f 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 20 62 2d 70 61 67 65 5f 74 79 70 65 5f 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 5f 62 67 5f 6c 69 67 68 74 22 3e 3c 68 65 61 64 65 72 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 5f 74 79 70 65 5f 72 64 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 2d 6e 6f 74 65 20 62 2d 74 65 78 74 22 3e d0 94 d0 be d0 bc d0 b5 d0 bd 20 d0 b7 d0 b0 d1 80 d0 b5 d0 b3 d0 b8 d1 8
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 11 Mar 2025 01:58:33 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 11 Mar 2025 01:58:38 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:59:00 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ez8onXpp10GDjjD0YvCmkwD2Nvs9mpRWrD9Ur%2FXhBaI5t8htDitT8gUXBjOpaa9thj7Ey%2BRjbnw1LMZsZd4RdrAULtRx4ZV2GhQrtbrkW%2Fzf4yyVVf4zSpzgomDglOiklvP1cIw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91e773338e79f02b-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2410&min_rtt=2410&rtt_var=1205&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=805&delivery_rate=0&cwnd=108&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 61 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 52 4d 73 d3 30 10 bd f3 2b 1e e1 5a c7 36 29 4c c7 56 72 29 74 38 30 d0 81 f4 c0 51 91 36 91 a6 8a e4 4a eb 10 93 e1 bf 77 5c 67 1a 7b 38 70 d2 ae 76 df db b7 1f e2 ed a7 ef b7 eb 5f f7 9f 61 78 ef 56 6f c4 f0 00 80 30 24 f5 60 be b8 6c d9 d1 ea ba b8 c6 b7 c0 b8 0b ad d7 22 1f 3e 2f 49 7b 62 09 c3 dc 64 f4 d4 da c3 72 76 1b 3c 93 e7 6c dd 35 34 83 1a bc e5 8c e9 c8 79 5f ab 86 32 32 26 e2 e5 c3 fa 2e bb 99 8d b8 12 77 63 ee 4d d0 1d 4e e8 91 99 74 76 e7 2b 28 f2 4c b1 46 23 b5 b6 7e 57 a1 2c 8a e6 88 0f 45 73 ac f1 f7 15 69 4a 9c b0 0d 9e b3 64 ff 50 f5 4f fc cc dc 67 54 78 df 33 7c 21 77 20 b6 4a 5e 41 46 2b dd 15 92 f4 29 4b 14 ed b6 86 0a 2e c4 0a ef 16 8b c5 98 46 46 b6 ca 11 4e d0 36 35 4e 76 15 36 2e a8 c7 7a a2 d9 d1 96 6b fc b6 9a 4d 85 8f 83 94 bd 8c 3b eb 2b 14 90 2d 87 09 27 4e af e5 8a e2 a6 d4 ea cc a6 49 85 28 d9 06 5f c1 07 4f 13 50 65 c2 81 e2 08 fa a2 f4 bf 38 91 8f 46 2e f2 cb fe 45 3f a1 b3 79 ee 72 b4 27 53 ae fa 8b d8 f6 17 31 17 b9 29 47 b1 66 b5 36 84 48 29 b4 51 f5 c6 53 4b 89 49 43 85 d6 69 f8 c0 d8 d0 00 45 f0 60 63 13 12 c5 03 c5 b9 c8 9b 09 d1 bd 23 99 08 ca 90 7a 04 1b c2 c3 8f af 73 fc 0c 31 76 90 9b d0 32 d8 48 be c0 44 3e 91 2a f2 a1 09 91 0f 27 fe Data Ascii: 1a4RMs0+Z6)LVr)t80Q6Jw\g{8pv_axVo0$`l">/I{bdrv<l54y_22&.wcMNtv+(LF#~W,EsiJdPOgTx3|!w J^AF+)K.FFN65Nv6.zkM;+-'NI(_OPe8F.E?yr'S1)Gf6H)QSKICiE`c#zs1v2HD>*'
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:59:03 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XygCCjcA7OaNAbOnlGIJ2z7Tzfel0Iq8rC8J4XuzcrM%2BEZEoXfi%2FA2EZp8fBAJQZZsniGGWHf7NsAGiIjBk%2BmLMumV45uqrV8EY58M9kAyo1bJ277Xm%2BAm5nrT%2FP76hRui6Qu30%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91e773436f2a2361-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1975&min_rtt=1975&rtt_var=987&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=825&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 61 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 52 4d 73 d3 30 10 bd f3 2b 1e e1 5a c7 36 29 4c c7 56 72 29 74 38 30 d0 81 f4 c0 51 91 36 91 a6 8a e4 4a eb 10 93 e1 bf 77 5c 67 1a 7b 38 70 d2 ae 76 df db b7 1f e2 ed a7 ef b7 eb 5f f7 9f 61 78 ef 56 6f c4 f0 00 80 30 24 f5 60 be b8 6c d9 d1 ea ba b8 c6 b7 c0 b8 0b ad d7 22 1f 3e 2f 49 7b 62 09 c3 dc 64 f4 d4 da c3 72 76 1b 3c 93 e7 6c dd 35 34 83 1a bc e5 8c e9 c8 79 5f ab 86 32 32 26 e2 e5 c3 fa 2e bb 99 8d b8 12 77 63 ee 4d d0 1d 4e e8 91 99 74 76 e7 2b 28 f2 4c b1 46 23 b5 b6 7e 57 a1 2c 8a e6 88 0f 45 73 ac f1 f7 15 69 4a 9c b0 0d 9e b3 64 ff 50 f5 4f fc cc dc 67 54 78 df 33 7c 21 77 20 b6 4a 5e 41 46 2b dd 15 92 f4 29 4b 14 ed b6 86 0a 2e c4 0a ef 16 8b c5 98 46 46 b6 ca 11 4e d0 36 35 4e 76 15 36 2e a8 c7 7a a2 d9 d1 96 6b fc b6 9a 4d 85 8f 83 94 bd 8c 3b eb 2b 14 90 2d 87 09 27 4e af e5 8a e2 a6 d4 ea cc a6 49 85 28 d9 06 5f c1 07 4f 13 50 65 c2 81 e2 08 fa a2 f4 bf 38 91 8f 46 2e f2 cb fe 45 3f a1 b3 79 ee 72 b4 27 53 ae fa 8b d8 f6 17 31 17 b9 29 47 b1 66 b5 36 84 48 29 b4 51 f5 c6 53 4b 89 49 43 85 d6 69 f8 c0 d8 d0 00 45 f0 60 63 13 12 c5 03 c5 b9 c8 9b 09 d1 bd 23 99 08 ca 90 7a 04 1b c2 c3 8f af 73 fc 0c 31 76 90 9b d0 32 d8 48 be c0 44 3e 91 2a f2 a1 09 91 Data Ascii: 1a4RMs0+Z6)LVr)t80Q6Jw\g{8pv_axVo0$`l">/I{bdrv<l54y_22&.wcMNtv+(LF#~W,EsiJdPOgTx3|!w J^AF+)K.FFN65Nv6.zkM;+-'NI(_OPe8F.E?yr'S1)Gf6H)QSKICiE`c#zs1v2HD>*
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:59:05 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FHxn%2BWRk6k%2B0xoBg0XK1ktXUiDKwGtkjxDejXR0LLYg6Bv6BPLZ7dBc291m%2Foh8T3o33x%2Bl8crwJKAG1fV7YyGUdMb%2B8y%2F7vegHar1bABnogvQnx1vkmo5ayOeqQTG4ZuF6LNbY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91e773534eb98c73-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1632&min_rtt=1632&rtt_var=816&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=985&delivery_rate=0&cwnd=93&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 61 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 52 4d 73 d3 30 10 bd f3 2b 1e e1 5a c7 36 29 4c c7 56 72 29 74 38 30 d0 81 f4 c0 51 91 36 91 a6 8a e4 4a eb 10 93 e1 bf 77 5c 67 1a 7b 38 70 d2 ae 76 df db b7 1f e2 ed a7 ef b7 eb 5f f7 9f 61 78 ef 56 6f c4 f0 00 80 30 24 f5 60 be b8 6c d9 d1 ea ba b8 c6 b7 c0 b8 0b ad d7 22 1f 3e 2f 49 7b 62 09 c3 dc 64 f4 d4 da c3 72 76 1b 3c 93 e7 6c dd 35 34 83 1a bc e5 8c e9 c8 79 5f ab 86 32 32 26 e2 e5 c3 fa 2e bb 99 8d b8 12 77 63 ee 4d d0 1d 4e e8 91 99 74 76 e7 2b 28 f2 4c b1 46 23 b5 b6 7e 57 a1 2c 8a e6 88 0f 45 73 ac f1 f7 15 69 4a 9c b0 0d 9e b3 64 ff 50 f5 4f fc cc dc 67 54 78 df 33 7c 21 77 20 b6 4a 5e 41 46 2b dd 15 92 f4 29 4b 14 ed b6 86 0a 2e c4 0a ef 16 8b c5 98 46 46 b6 ca 11 4e d0 36 35 4e 76 15 36 2e a8 c7 7a a2 d9 d1 96 6b fc b6 9a 4d 85 8f 83 94 bd 8c 3b eb 2b 14 90 2d 87 09 27 4e af e5 8a e2 a6 d4 ea cc a6 49 85 28 d9 06 5f c1 07 4f 13 50 65 c2 81 e2 08 fa a2 f4 bf 38 91 8f 46 2e f2 cb fe 45 3f a1 b3 79 ee 72 b4 27 53 ae fa 8b d8 f6 17 31 17 b9 29 47 b1 66 b5 36 84 48 29 b4 51 f5 c6 53 4b 89 49 43 85 d6 69 f8 c0 d8 d0 00 45 f0 60 63 13 12 c5 03 c5 b9 c8 9b 09 d1 bd 23 99 08 ca 90 7a 04 1b c2 c3 8f af 73 fc 0c 31 76 90 9b d0 32 d8 48 be c0 44 3e 91 2a f2 a1 09 Data Ascii: 1a4RMs0+Z6)LVr)t80Q6Jw\g{8pv_axVo0$`l">/I{bdrv<l54y_22&.wcMNtv+(LF#~W,EsiJdPOgTx3|!w J^AF+)K.FFN65Nv6.zkM;+-'NI(_OPe8F.E?yr'S1)Gf6H)QSKICiE`c#zs1v2HD>*
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:59:08 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3BSVXPvhamJbZPkSP4wrZbD%2B68VpEDOJMuHyAnsUfZt%2Bb8iWBFpqW5%2B19t1ON9OMsYHe2J%2FyLWjdpp5KxM7OYLaJddaMCa87Tabi87VHMl4V%2FSptg7poZWNBTcURPQo0AJwW0DU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91e773632b494379-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1578&min_rtt=1578&rtt_var=789&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=548&delivery_rate=0&cwnd=194&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 66 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 70 61 64 64 69 6e 67 3a 20 31 30 30 70 78 20 35 30 70 78 3b 20 7d 0a 20 20 20 20 20 20 20 20 68 31 20 7b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 70 78 3b 20 7d 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 20 66 6f 6e 74 3a 20 32 30 70 78 20 48 65 6c 76 65 74 69 63 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 20 7d 0a 20 20 20 20 20 20 20 20 61 72 74 69 63 6c 65 20 7b 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 20 77 69 64 74 68 3a 20 36 35 30 70 78 3b 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 20 7d 0a 20 20 20 20 20 20 20 20 61 20 7b 20 63 6f 6c 6f 72 3a 20 23 30 30 38 31 Data Ascii: 2fa<!DOCTYPE html><html> <head> <title>404 Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style> body { text-align: center; padding: 100px 50px; } h1 { font-size: 50px; } body { font: 20px Helvetica, arial, sans-serif; color: #333; } article { display: block; text-align: left; width: 650px; margin: 0 auto; } a { color: #0081
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:59:14 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 6d 75 38 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dmu8/ was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:59:16 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 6d 75 38 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dmu8/ was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:59:19 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 6d 75 38 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dmu8/ was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:59:21 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 6d 75 38 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dmu8/ was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:59:27 GMTServer: ApacheContent-Length: 13840Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 0a 2e 72 69 67 68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30 25 20 2c 20 36 30 25 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:59:30 GMTServer: ApacheContent-Length: 13840Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 0a 2e 72 69 67 68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30 25 20 2c 20 36 30 25 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:59:32 GMTServer: ApacheContent-Length: 13840Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 0a 2e 72 69 67 68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30 25 20 2c 20 36 30 25 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 01:59:35 GMTServer: ApacheContent-Length: 13840Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 0a 2e 72 69 67 68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30 25 20 2c 20 36 30 25 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 02:00:15 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Fri, 16 Sep 2022 05:35:38 GMTETag: W/"49d-5e8c4bb618b87"Content-Encoding: gzipData Raw: 32 34 62 0d 0a 1f 8b 08 00 00 00 00 00 02 03 ad 53 4d 73 da 30 10 bd e7 57 6c 9d b3 11 86 7c 21 8c 67 52 4c a6 9d 49 52 a6 38 93 f6 28 ec 05 6b 2a cb ae b5 c1 d0 4c ff 7b e5 0f 02 99 b6 e9 a5 f2 c1 d2 ee db f7 9e 34 bb fe bb f0 d3 34 fa 3a 9f 41 4a 99 82 f9 c3 fb db 8f 53 70 5c c6 1e 87 53 c6 c2 28 84 2f 1f a2 bb 5b f0 7a 7d 58 50 29 63 62 6c 76 ef 80 93 12 15 9c b1 aa aa 7a d5 b0 97 97 6b 16 7d 66 db 9a c5 ab cb ba ad 6b 9a 9a 5e 42 89 13 9c f8 8d c8 36 53 da 4c fe 40 e0 8d 46 a3 b6 ce a9 41 5c 09 bd 9e 38 a8 1d 78 d9 05 7e 8a 22 09 4e c0 2e 9f 24 29 0c 1e 71 69 24 21 2c 9e 4c 81 3a c1 c4 67 6d a2 05 65 48 02 6a 2d 17 bf 3f c9 cd c4 99 e6 9a 50 93 1b ed 0a 74 20 6e 4f 13 87 70 4b ac d6 1e 43 9c 8a d2 20 4d 1e a2 1b f7 ca 61 c7 44 5a 64 38 71 12 34 71 29 0b 92 b9 3e 62 88 52 69 a0 ea dc a4 c2 c0 12 51 83 d9 db ea bd 30 19 da 29 04 b2 fa 9d 6c 6c 8c d3 e6 ea b5 cc 93 1d 3c af 2c ad 6b e4 0f e4 de 59 b1 b5 a6 72 95 97 fc f4 b2 59 63 68 d2 2b 91 49 b5 e3 a2 94 c2 da ae a9 5c a1 e4 5a f3 d8 1a c2 72 fc f3 85 33 f5 8e 19 af 8e 19 47 a3 eb cb eb 9b 31 64 a2 5c 4b cd e1 b2 5f 6c a1 5f 7f c7 f5 03 78 6e f1 70 1a ce 2e a6 e7 e1 6b 0b d0 79 38 68 c0 a0 5f 8b 34 81 0a e5 3a 25 6e 6f a6 92 31 28 24 6b ce 35 85 88 a5 5e 73 70 bd 1a b8 97 f7 ce 1b f9 81 fd 1d e9 17 f0 5c c9 84 52 3e 6c 69 7f bf 6b 47 e0 2a 5c 11 17 4f 94 8f bb 40 d9 68 37 91 3d 86 f2 82 c3 b0 be e7 41 21 91 9b ff a2 71 60 14 5c 49 fd ed f0 6e c3 b3 f3 e1 c5 f5 2b c0 46 d6 cd 92 bc 89 11 31 c9 0d be 09 49 f3 0d 96 7f 41 f8 ac 69 37 3b 7c ac 1d 1d bf ee af ae 13 53 2f 58 3c 2c e6 b3 fb 70 16 da bc b7 0f 0f 82 7f 35 b3 45 0f 3a b4 7d b9 43 f3 ce 15 0a 83 cd 50 58 e3 40 a9 6d 74 8c 53 2d 63 a1 6c 79 51 e4 25 41 82 85 28 29 b3 8f da eb 3c 36 1c 3e 6b ad f9 cd 1c 06 27 bf 00 dc 27 15 ee 9d 04 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 24bSMs0Wl|!gRLIR8(k*L{44:AJSp\S(/[z}XP)cblvzk}fk^B6SL@FA\8x~"N.$)qi$!,L:gmeHj-?Pt nOpKC MaDZd8q4q)>bRiQ0)ll<,kYrYch+I\Zr3G1d\K_l_xnp.ky8h_4:%no1($k5^sp\R>likG*\O@h7=A!q`\In+F1IAi7;|S/X<,p5E:}CPX@mtS-clyQ%A()<6>k''0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 02:00:18 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Fri, 16 Sep 2022 05:35:38 GMTETag: W/"49d-5e8c4bb618b87"Content-Encoding: gzipData Raw: 32 34 62 0d 0a 1f 8b 08 00 00 00 00 00 02 03 ad 53 4d 73 da 30 10 bd e7 57 6c 9d b3 11 86 7c 21 8c 67 52 4c a6 9d 49 52 a6 38 93 f6 28 ec 05 6b 2a cb ae b5 c1 d0 4c ff 7b e5 0f 02 99 b6 e9 a5 f2 c1 d2 ee db f7 9e 34 bb fe bb f0 d3 34 fa 3a 9f 41 4a 99 82 f9 c3 fb db 8f 53 70 5c c6 1e 87 53 c6 c2 28 84 2f 1f a2 bb 5b f0 7a 7d 58 50 29 63 62 6c 76 ef 80 93 12 15 9c b1 aa aa 7a d5 b0 97 97 6b 16 7d 66 db 9a c5 ab cb ba ad 6b 9a 9a 5e 42 89 13 9c f8 8d c8 36 53 da 4c fe 40 e0 8d 46 a3 b6 ce a9 41 5c 09 bd 9e 38 a8 1d 78 d9 05 7e 8a 22 09 4e c0 2e 9f 24 29 0c 1e 71 69 24 21 2c 9e 4c 81 3a c1 c4 67 6d a2 05 65 48 02 6a 2d 17 bf 3f c9 cd c4 99 e6 9a 50 93 1b ed 0a 74 20 6e 4f 13 87 70 4b ac d6 1e 43 9c 8a d2 20 4d 1e a2 1b f7 ca 61 c7 44 5a 64 38 71 12 34 71 29 0b 92 b9 3e 62 88 52 69 a0 ea dc a4 c2 c0 12 51 83 d9 db ea bd 30 19 da 29 04 b2 fa 9d 6c 6c 8c d3 e6 ea b5 cc 93 1d 3c af 2c ad 6b e4 0f e4 de 59 b1 b5 a6 72 95 97 fc f4 b2 59 63 68 d2 2b 91 49 b5 e3 a2 94 c2 da ae a9 5c a1 e4 5a f3 d8 1a c2 72 fc f3 85 33 f5 8e 19 af 8e 19 47 a3 eb cb eb 9b 31 64 a2 5c 4b cd e1 b2 5f 6c a1 5f 7f c7 f5 03 78 6e f1 70 1a ce 2e a6 e7 e1 6b 0b d0 79 38 68 c0 a0 5f 8b 34 81 0a e5 3a 25 6e 6f a6 92 31 28 24 6b ce 35 85 88 a5 5e 73 70 bd 1a b8 97 f7 ce 1b f9 81 fd 1d e9 17 f0 5c c9 84 52 3e 6c 69 7f bf 6b 47 e0 2a 5c 11 17 4f 94 8f bb 40 d9 68 37 91 3d 86 f2 82 c3 b0 be e7 41 21 91 9b ff a2 71 60 14 5c 49 fd ed f0 6e c3 b3 f3 e1 c5 f5 2b c0 46 d6 cd 92 bc 89 11 31 c9 0d be 09 49 f3 0d 96 7f 41 f8 ac 69 37 3b 7c ac 1d 1d bf ee af ae 13 53 2f 58 3c 2c e6 b3 fb 70 16 da bc b7 0f 0f 82 7f 35 b3 45 0f 3a b4 7d b9 43 f3 ce 15 0a 83 cd 50 58 e3 40 a9 6d 74 8c 53 2d 63 a1 6c 79 51 e4 25 41 82 85 28 29 b3 8f da eb 3c 36 1c 3e 6b ad f9 cd 1c 06 27 bf 00 dc 27 15 ee 9d 04 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 24bSMs0Wl|!gRLIR8(k*L{44:AJSp\S(/[z}XP)cblvzk}fk^B6SL@FA\8x~"N.$)qi$!,L:gmeHj-?Pt nOpKC MaDZd8q4q)>bRiQ0)ll<,kYrYch+I\Zr3G1d\K_l_xnp.ky8h_4:%no1($k5^sp\R>likG*\O@h7=A!q`\In+F1IAi7;|S/X<,p5E:}CPX@mtS-clyQ%A()<6>k''0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 02:00:21 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Fri, 16 Sep 2022 05:35:38 GMTETag: W/"49d-5e8c4bb618b87"Content-Encoding: gzipData Raw: 32 34 62 0d 0a 1f 8b 08 00 00 00 00 00 02 03 ad 53 4d 73 da 30 10 bd e7 57 6c 9d b3 11 86 7c 21 8c 67 52 4c a6 9d 49 52 a6 38 93 f6 28 ec 05 6b 2a cb ae b5 c1 d0 4c ff 7b e5 0f 02 99 b6 e9 a5 f2 c1 d2 ee db f7 9e 34 bb fe bb f0 d3 34 fa 3a 9f 41 4a 99 82 f9 c3 fb db 8f 53 70 5c c6 1e 87 53 c6 c2 28 84 2f 1f a2 bb 5b f0 7a 7d 58 50 29 63 62 6c 76 ef 80 93 12 15 9c b1 aa aa 7a d5 b0 97 97 6b 16 7d 66 db 9a c5 ab cb ba ad 6b 9a 9a 5e 42 89 13 9c f8 8d c8 36 53 da 4c fe 40 e0 8d 46 a3 b6 ce a9 41 5c 09 bd 9e 38 a8 1d 78 d9 05 7e 8a 22 09 4e c0 2e 9f 24 29 0c 1e 71 69 24 21 2c 9e 4c 81 3a c1 c4 67 6d a2 05 65 48 02 6a 2d 17 bf 3f c9 cd c4 99 e6 9a 50 93 1b ed 0a 74 20 6e 4f 13 87 70 4b ac d6 1e 43 9c 8a d2 20 4d 1e a2 1b f7 ca 61 c7 44 5a 64 38 71 12 34 71 29 0b 92 b9 3e 62 88 52 69 a0 ea dc a4 c2 c0 12 51 83 d9 db ea bd 30 19 da 29 04 b2 fa 9d 6c 6c 8c d3 e6 ea b5 cc 93 1d 3c af 2c ad 6b e4 0f e4 de 59 b1 b5 a6 72 95 97 fc f4 b2 59 63 68 d2 2b 91 49 b5 e3 a2 94 c2 da ae a9 5c a1 e4 5a f3 d8 1a c2 72 fc f3 85 33 f5 8e 19 af 8e 19 47 a3 eb cb eb 9b 31 64 a2 5c 4b cd e1 b2 5f 6c a1 5f 7f c7 f5 03 78 6e f1 70 1a ce 2e a6 e7 e1 6b 0b d0 79 38 68 c0 a0 5f 8b 34 81 0a e5 3a 25 6e 6f a6 92 31 28 24 6b ce 35 85 88 a5 5e 73 70 bd 1a b8 97 f7 ce 1b f9 81 fd 1d e9 17 f0 5c c9 84 52 3e 6c 69 7f bf 6b 47 e0 2a 5c 11 17 4f 94 8f bb 40 d9 68 37 91 3d 86 f2 82 c3 b0 be e7 41 21 91 9b ff a2 71 60 14 5c 49 fd ed f0 6e c3 b3 f3 e1 c5 f5 2b c0 46 d6 cd 92 bc 89 11 31 c9 0d be 09 49 f3 0d 96 7f 41 f8 ac 69 37 3b 7c ac 1d 1d bf ee af ae 13 53 2f 58 3c 2c e6 b3 fb 70 16 da bc b7 0f 0f 82 7f 35 b3 45 0f 3a b4 7d b9 43 f3 ce 15 0a 83 cd 50 58 e3 40 a9 6d 74 8c 53 2d 63 a1 6c 79 51 e4 25 41 82 85 28 29 b3 8f da eb 3c 36 1c 3e 6b ad f9 cd 1c 06 27 bf 00 dc 27 15 ee 9d 04 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 24bSMs0Wl|!gRLIR8(k*L{44:AJSp\S(/[z}XP)cblvzk}fk^B6SL@FA\8x~"N.$)qi$!,L:gmeHj-?Pt nOpKC MaDZd8q4q)>bRiQ0)ll<,kYrYch+I\Zr3G1d\K_l_xnp.ky8h_4:%no1($k5^sp\R>likG*\O@h7=A!q`\In+F1IAi7;|S/X<,p5E:}CPX@mtS-clyQ%A()<6>k''0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Mar 2025 02:00:23 GMTContent-Type: text/html; charset=UTF-8Content-Length: 1181Connection: closeVary: Accept-EncodingLast-Modified: Fri, 16 Sep 2022 05:35:38 GMTETag: "49d-5e8c4bb618b87"Accept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 57 65 62 73 69 74 65 20 53 75 73 70 65 6e 64 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 77 65 62 73 69 74 65 20 68 61 73 20 62 65 65 6e 20 73 75 73 70 65 6e 64 65 64 2e 22 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 20 63 6f 6c 6f 72 3a 23 37 37 37 37 37 37 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 7d 0a 20 20 20 20 20 20 20 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 38 34 70 78 3b 20 63 6f 6c 6f 72 3a 23 39 39 41 37 41 46 3b 20 6d 61 72 67 69 6e 3a 20 37 30 70 78 20 30 20 30 20 30 3b 7d 0a 20 20 20 20 20 20 20 20 68 32 20 7b 63 6f 6c 6f 72 3a 20 23 44 45 36 43 35 44 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 61 72 69 61 6c 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 20 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 31 70 78 3b 20 6d 61 72 67 69 6e 3a 20 31 35 70 78 20 30 20 32 35 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 70 20 7b 77 69 64 74 68 3a 33 32 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 3b 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 20 7d 0a 20 20 20 20 20 20 20 20 64 69 76 20 7b 77 69 64 74 68 3a 33 32 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 3b 7d 0a 20 20 20 20 20 20 20 20 61 3a 6c 69 6e 6b 20 7b 63 6f 6c 6f 72 3a 20 23 33 34 35 33 36 41 3b 7d 0a 20 20 20 20 20 20 20 20 61 3a 76 69 73 69 74 65 64 20 7b 63
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 02:00:29 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aMWPVc4LJX6nmBVLYqmOjS1hSGsQ8raVFf8ouGdY5AiFVpiC0xFbDOGhz%2BCa372vpl7eUYhdWF41YtNgv40kdjQ4J1shTcafgapC2NTqEVz1k4NUq1jTMMK4j44azFgIkhXEVGLtIp2w"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91e7755e7cdcde95-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1641&min_rtt=1641&rtt_var=820&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=817&delivery_rate=0&cwnd=119&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b 03 31 14 84 ef f9 15 cf de dd b7 95 1e 3c 3c 02 da dd 62 61 ad 8b a6 07 8f d1 bc 92 42 9b c4 e4 d5 e0 bf 97 dd 22 78 9d f9 66 98 a1 9b ee 65 6d de c7 1e 9e cc f3 00 e3 fe 71 d8 ae 61 71 8b b8 ed cd 06 b1 33 dd d5 b9 6b 5a c4 7e b7 d0 8a bc 9c 4f 9a 3c 5b a7 15 c9 51 4e ac 57 ed 0a 76 51 60 13 2f c1 11 5e 45 45 38 43 f4 11 dd cf 94 5b ea 7f 8c 5f 6a 45 49 1b cf 90 f9 eb c2 45 d8 c1 fe 75 80 6a 0b 84 28 70 98 38 88 01 c4 1f 0b 14 ce df 9c 1b c2 34 35 65 ad c8 3a 97 b9 14 fd 90 ec a7 67 78 9b 01 b0 02 b5 d6 26 70 b5 41 7c 4c 9c 4b 6c 8a 8f 09 c6 98 05 ee 5b c2 bf a0 22 9c 97 11 ce 8f 7e 01 00 00 ff ff e3 02 00 fa 01 eb 10 0c 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e3LAK1<<baB"xfemqaq3kZ~O<[QNWvQ`/^EE8C[_jEIEuj(p845e:gx&pA|LKl["~0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 02:00:31 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vxE4rZALf0bDhXgihYLYomIj4VvfhlBMdY16%2BNLyqAOF97kJKejxgT1IE2cZihUa00XSXj2HJMDZbo9VQPjL3yJO1WDXidB8LLtayd2CWWkUeJM6P0wG%2Bty2%2F%2FoAgJ8XxqMQ%2BEUxFiho"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91e7756e6bd8b637-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2073&min_rtt=2073&rtt_var=1036&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=837&delivery_rate=0&cwnd=73&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b 03 31 14 84 ef f9 15 cf de dd b7 95 1e 3c 3c 02 da dd 62 61 ad 8b a6 07 8f d1 bc 92 42 9b c4 e4 d5 e0 bf 97 dd 22 78 9d f9 66 98 a1 9b ee 65 6d de c7 1e 9e cc f3 00 e3 fe 71 d8 ae 61 71 8b b8 ed cd 06 b1 33 dd d5 b9 6b 5a c4 7e b7 d0 8a bc 9c 4f 9a 3c 5b a7 15 c9 51 4e ac 57 ed 0a 76 51 60 13 2f c1 11 5e 45 45 38 43 f4 11 dd cf 94 5b ea 7f 8c 5f 6a 45 49 1b cf 90 f9 eb c2 45 d8 c1 fe 75 80 6a 0b 84 28 70 98 38 88 01 c4 1f 0b 14 ce df 9c 1b c2 34 35 65 ad c8 3a 97 b9 14 fd 90 ec a7 67 78 9b 01 b0 02 b5 d6 26 70 b5 41 7c 4c 9c 4b 6c 8a 8f 09 c6 98 05 ee 5b c2 bf a0 22 9c 97 11 ce 8f 7e 01 00 00 ff ff e3 02 00 fa 01 eb 10 0c 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e3LAK1<<baB"xfemqaq3kZ~O<[QNWvQ`/^EE8C[_jEIEuj(p845e:gx&pA|LKl["~0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 02:00:34 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nCo%2BvD2%2FWxBZDAqSCFAiOLB%2BzQ8ssIhXoiv%2FscRdTysTNUl6YiVw0KzGha82tzMtQzcCu3cqOvNjFv0%2B15Em7Rpv4jX4Rj%2Fy4GGg%2Bl3YTFcwgr%2FJTIfDJMcXSschiADgolhMMZMD8e12"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91e7757e7efbde95-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1600&min_rtt=1600&rtt_var=800&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=997&delivery_rate=0&cwnd=119&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b 03 31 14 84 ef f9 15 cf de dd b7 95 1e 3c 3c 02 da dd 62 61 ad 8b a6 07 8f d1 bc 92 42 9b c4 e4 d5 e0 bf 97 dd 22 78 9d f9 66 98 a1 9b ee 65 6d de c7 1e 9e cc f3 00 e3 fe 71 d8 ae 61 71 8b b8 ed cd 06 b1 33 dd d5 b9 6b 5a c4 7e b7 d0 8a bc 9c 4f 9a 3c 5b a7 15 c9 51 4e ac 57 ed 0a 76 51 60 13 2f c1 11 5e 45 45 38 43 f4 11 dd cf 94 5b ea 7f 8c 5f 6a 45 49 1b cf 90 f9 eb c2 45 d8 c1 fe 75 80 6a 0b 84 28 70 98 38 88 01 c4 1f 0b 14 ce df 9c 1b c2 34 35 65 ad c8 3a 97 b9 14 fd 90 ec a7 67 78 9b 01 b0 02 b5 d6 26 70 b5 41 7c 4c 9c 4b 6c 8a 8f 09 c6 98 05 ee 5b c2 bf a0 22 9c 97 11 ce 8f 7e 01 00 00 ff ff e3 02 00 fa 01 eb 10 0c 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e3LAK1<<baB"xfemqaq3kZ~O<[QNWvQ`/^EE8C[_jEIEuj(p845e:gx&pA|LKl["~0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Mar 2025 02:00:37 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ChrjISPXSimK4eVsZdfv%2FMX367BYPNu7B1kUx3nNdUpbsnF78VGRTAkA%2BLT7MRdo%2BrMDIQn%2Fj%2FTwvXNDlAMSFyiSBGkMTPVGIlZ8zViIkFbUScT2ifDGRPywDD%2Fpn16rV7w61EbtoRhB"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91e7758ecfba8ca1-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1887&min_rtt=1887&rtt_var=943&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=552&delivery_rate=0&cwnd=181&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 30 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 6e 65 77 61 6e 74 68 6f 70 65 72 73 6f 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 10c<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.newanthoperso.shop Port 80</address></body></html>0
                Source: rekeywiz.exe, 00000006.00000002.3787482363.0000000005024000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.0000000002B54000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2038323521.00000000279C4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=404refer
                Source: rekeywiz.exe, 00000006.00000002.3786807100.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000002.3787482363.0000000004C3C000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.000000000276C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2038323521.00000000275DC000.00000004.80000000.00040000.00000000.sdmp, 7zKn77RsRX.exeString found in binary or memory: http://tempuri.org/DataSet1.xsd
                Source: hPIFXCuRV9.exe, 00000007.00000002.3788440303.0000000004C12000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.trustai.chat
                Source: hPIFXCuRV9.exe, 00000007.00000002.3788440303.0000000004C12000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.trustai.chat/kv4n/
                Source: rekeywiz.exe, 00000006.00000002.3789945056.00000000078FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org?q=
                Source: rekeywiz.exe, 00000006.00000002.3789945056.00000000078FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: rekeywiz.exe, 00000006.00000002.3789945056.00000000078FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: rekeywiz.exe, 00000006.00000002.3789945056.00000000078FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: rekeywiz.exe, 00000006.00000002.3787482363.0000000005348000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.0000000002E78000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://companies.rbc.ru/
                Source: rekeywiz.exe, 00000006.00000002.3789945056.00000000078FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
                Source: rekeywiz.exe, 00000006.00000002.3789945056.00000000078FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: rekeywiz.exe, 00000006.00000002.3789945056.00000000078FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabv209h
                Source: rekeywiz.exe, 00000006.00000002.3789945056.00000000078FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
                Source: rekeywiz.exe, 00000006.00000002.3787482363.0000000005348000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.0000000002E78000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
                Source: rekeywiz.exe, 00000006.00000002.3785808190.00000000005D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.li
                Source: rekeywiz.exe, 00000006.00000002.3785808190.00000000005D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: rekeywiz.exe, 00000006.00000002.3785808190.00000000005D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: rekeywiz.exe, 00000006.00000002.3785808190.00000000005D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: rekeywiz.exe, 00000006.00000002.3785808190.00000000005D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: rekeywiz.exe, 00000006.00000002.3785808190.00000000005D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: rekeywiz.exe, 00000006.00000002.3785808190.00000000005D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: rekeywiz.exe, 00000006.00000003.1921655966.00000000078D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: rekeywiz.exe, 00000006.00000002.3787482363.0000000005348000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.0000000002E78000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.maplez.online&rand=
                Source: rekeywiz.exe, 00000006.00000002.3787482363.0000000005348000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.0000000002E78000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
                Source: rekeywiz.exe, 00000006.00000002.3789945056.00000000078FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/v20
                Source: rekeywiz.exe, 00000006.00000002.3787482363.0000000005FD8000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.0000000003B08000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: rekeywiz.exe, 00000006.00000002.3789945056.00000000078FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldpX
                Source: rekeywiz.exe, 00000006.00000002.3787482363.0000000005348000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.0000000002E78000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.rbc.ru/technology_and_media/
                Source: rekeywiz.exe, 00000006.00000002.3787482363.0000000005348000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.0000000002E78000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.maplez.online&utm_medium=parking&utm_campaign=s_land_se
                Source: rekeywiz.exe, 00000006.00000002.3787482363.0000000005348000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.0000000002E78000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.maplez.online&utm_medium=parking&utm_campaign=s_land_n
                Source: rekeywiz.exe, 00000006.00000002.3787482363.0000000005348000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.0000000002E78000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.maplez.online&utm_medium=parking&utm_campaign=s_land_host
                Source: rekeywiz.exe, 00000006.00000002.3787482363.0000000005348000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.0000000002E78000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/sozdanie-saita/
                Source: rekeywiz.exe, 00000006.00000002.3787482363.0000000005348000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.0000000002E78000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.maplez.online&amp;reg_source=parking_auto
                Source: hPIFXCuRV9.exe, 00000007.00000002.3786670791.0000000003FBE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.strato.de

                E-Banking Fraud

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 1.2.7zKn77RsRX.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.7zKn77RsRX.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.3785605979.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.1729468117.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3788440303.0000000004BA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3786668154.0000000000910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.3786643946.00000000047F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.1730366209.0000000001590000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3786884212.0000000004370000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.1732619227.0000000003850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0042CB43 NtClose,1_2_0042CB43
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016735C0 NtCreateMutant,LdrInitializeThunk,1_2_016735C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672B60 NtClose,LdrInitializeThunk,1_2_01672B60
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672DF0 NtQuerySystemInformation,LdrInitializeThunk,1_2_01672DF0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672C70 NtFreeVirtualMemory,LdrInitializeThunk,1_2_01672C70
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01673010 NtOpenDirectoryObject,1_2_01673010
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01673090 NtSetValueKey,1_2_01673090
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01674340 NtSetContextThread,1_2_01674340
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01674650 NtSuspendThread,1_2_01674650
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016739B0 NtGetContextThread,1_2_016739B0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672BE0 NtQueryValueKey,1_2_01672BE0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672BF0 NtAllocateVirtualMemory,1_2_01672BF0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672BA0 NtEnumerateValueKey,1_2_01672BA0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672B80 NtQueryInformationFile,1_2_01672B80
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672AF0 NtWriteFile,1_2_01672AF0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672AD0 NtReadFile,1_2_01672AD0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672AB0 NtWaitForSingleObject,1_2_01672AB0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01673D70 NtOpenThread,1_2_01673D70
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672D30 NtUnmapViewOfSection,1_2_01672D30
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672D00 NtSetInformationFile,1_2_01672D00
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672D10 NtMapViewOfSection,1_2_01672D10
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01673D10 NtOpenProcessToken,1_2_01673D10
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672DD0 NtDelayExecution,1_2_01672DD0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672DB0 NtEnumerateKey,1_2_01672DB0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672C60 NtCreateKey,1_2_01672C60
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672C00 NtQueryInformationProcess,1_2_01672C00
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672CF0 NtOpenProcess,1_2_01672CF0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672CC0 NtQueryVirtualMemory,1_2_01672CC0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672CA0 NtQueryInformationToken,1_2_01672CA0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672F60 NtCreateProcessEx,1_2_01672F60
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672F30 NtCreateSection,1_2_01672F30
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672FE0 NtCreateFile,1_2_01672FE0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672FA0 NtQuerySection,1_2_01672FA0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672FB0 NtResumeThread,1_2_01672FB0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672F90 NtProtectVirtualMemory,1_2_01672F90
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672E30 NtWriteVirtualMemory,1_2_01672E30
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672EE0 NtQueueApcThread,1_2_01672EE0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672EA0 NtAdjustPrivilegesToken,1_2_01672EA0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01672E80 NtReadVirtualMemory,1_2_01672E80
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04684650 NtSuspendThread,LdrInitializeThunk,6_2_04684650
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04684340 NtSetContextThread,LdrInitializeThunk,6_2_04684340
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682C60 NtCreateKey,LdrInitializeThunk,6_2_04682C60
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_04682C70
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_04682CA0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_04682D30
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682D10 NtMapViewOfSection,LdrInitializeThunk,6_2_04682D10
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_04682DF0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682DD0 NtDelayExecution,LdrInitializeThunk,6_2_04682DD0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682EE0 NtQueueApcThread,LdrInitializeThunk,6_2_04682EE0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_04682E80
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682F30 NtCreateSection,LdrInitializeThunk,6_2_04682F30
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682FE0 NtCreateFile,LdrInitializeThunk,6_2_04682FE0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682FB0 NtResumeThread,LdrInitializeThunk,6_2_04682FB0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682AF0 NtWriteFile,LdrInitializeThunk,6_2_04682AF0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682AD0 NtReadFile,LdrInitializeThunk,6_2_04682AD0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682B60 NtClose,LdrInitializeThunk,6_2_04682B60
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682BE0 NtQueryValueKey,LdrInitializeThunk,6_2_04682BE0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_04682BF0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_04682BA0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046835C0 NtCreateMutant,LdrInitializeThunk,6_2_046835C0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046839B0 NtGetContextThread,LdrInitializeThunk,6_2_046839B0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682C00 NtQueryInformationProcess,6_2_04682C00
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682CF0 NtOpenProcess,6_2_04682CF0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682CC0 NtQueryVirtualMemory,6_2_04682CC0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682D00 NtSetInformationFile,6_2_04682D00
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682DB0 NtEnumerateKey,6_2_04682DB0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682E30 NtWriteVirtualMemory,6_2_04682E30
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682EA0 NtAdjustPrivilegesToken,6_2_04682EA0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682F60 NtCreateProcessEx,6_2_04682F60
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682FA0 NtQuerySection,6_2_04682FA0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682F90 NtProtectVirtualMemory,6_2_04682F90
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682AB0 NtWaitForSingleObject,6_2_04682AB0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04682B80 NtQueryInformationFile,6_2_04682B80
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04683010 NtOpenDirectoryObject,6_2_04683010
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04683090 NtSetValueKey,6_2_04683090
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04683D70 NtOpenThread,6_2_04683D70
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04683D10 NtOpenProcessToken,6_2_04683D10
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_00429370 NtCreateFile,6_2_00429370
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_004294E0 NtReadFile,6_2_004294E0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_004295D0 NtDeleteFile,6_2_004295D0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_00429670 NtClose,6_2_00429670
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_004297C0 NtAllocateVirtualMemory,6_2_004297C0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0447FACD NtSetContextThread,6_2_0447FACD
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0447FA81 NtSetContextThread,6_2_0447FA81
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 0_2_00B13E400_2_00B13E40
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 0_2_00B16F920_2_00B16F92
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 0_2_00B1DE6C0_2_00B1DE6C
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 0_2_04B100400_2_04B10040
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 0_2_0703BF2D0_2_0703BF2D
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 0_2_087D5FC80_2_087D5FC8
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 0_2_087DAA200_2_087DAA20
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 0_2_087D8F100_2_087D8F10
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 0_2_087D5FB80_2_087D5FB8
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 0_2_087DB2F80_2_087DB2F8
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 0_2_087D93480_2_087D9348
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 0_2_087DA5E80_2_087DA5E8
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_004019B31_2_004019B3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_00418A131_2_00418A13
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0040484B1_2_0040484B
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0042F1531_2_0042F153
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_004101B31_2_004101B3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_004032301_2_00403230
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_004103D31_2_004103D3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_004023DF1_2_004023DF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0040E3B31_2_0040E3B3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_00416C231_2_00416C23
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0040E4F71_2_0040E4F7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0040457E1_2_0040457E
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0040E5031_2_0040E503
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_004026FB1_2_004026FB
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_004027001_2_00402700
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0167516C1_2_0167516C
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F1721_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0170B16B1_2_0170B16B
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C81581_2_016C8158
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016301001_2_01630100
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016DA1181_2_016DA118
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F81CC1_2_016F81CC
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164B1B01_2_0164B1B0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_017001AA1_2_017001AA
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F70E91_2_016F70E9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FF0E01_2_016FF0E0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016EF0CC1_2_016EF0CC
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C01_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162D34C1_2_0162D34C
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FA3521_2_016FA352
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F132D1_2_016F132D
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164E3F01_2_0164E3F0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_017003E61_2_017003E6
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0168739A1_2_0168739A
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E02741_2_016E0274
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E12ED1_2_016E12ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165B2C01_2_0165B2C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C02C01_2_016C02C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016452A01_2_016452A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F75711_2_016F7571
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016405351_2_01640535
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016DD5B01_2_016DD5B0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_017005911_2_01700591
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016314601_2_01631460
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F24461_2_016F2446
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FF43F1_2_016FF43F
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016EE4F61_2_016EE4F6
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016407701_2_01640770
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016647501_2_01664750
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163C7C01_2_0163C7C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FF7B01_2_016FF7B0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165C6E01_2_0165C6E0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F16CC1_2_016F16CC
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016569621_2_01656962
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016499501_2_01649950
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165B9501_2_0165B950
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016429A01_2_016429A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0170A9A61_2_0170A9A6
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016428401_2_01642840
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164A8401_2_0164A840
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016AD8001_2_016AD800
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016438E01_2_016438E0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166E8F01_2_0166E8F0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016268B81_2_016268B8
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FFB761_2_016FFB76
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FAB401_2_016FAB40
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B5BF01_2_016B5BF0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0167DBF91_2_0167DBF9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F6BD71_2_016F6BD7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165FB801_2_0165FB80
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B3A6C1_2_016B3A6C
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FFA491_2_016FFA49
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F7A461_2_016F7A46
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016EDAC61_2_016EDAC6
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016DDAAC1_2_016DDAAC
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01685AA01_2_01685AA0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163EA801_2_0163EA80
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F7D731_2_016F7D73
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01643D401_2_01643D40
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F1D5A1_2_016F1D5A
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164AD001_2_0164AD00
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163ADE01_2_0163ADE0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165FDC01_2_0165FDC0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01658DBF1_2_01658DBF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B9C321_2_016B9C32
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01640C001_2_01640C00
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01630CF21_2_01630CF2
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FFCF21_2_016FFCF2
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E0CB51_2_016E0CB5
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B4F401_2_016B4F40
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01682F281_2_01682F28
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01660F301_2_01660F30
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FFF091_2_016FFF09
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164CFE01_2_0164CFE0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01632FC81_2_01632FC8
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016BEFA01_2_016BEFA0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FFFB11_2_016FFFB1
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01641F921_2_01641F92
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01640E591_2_01640E59
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FEE261_2_016FEE26
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FEEDB1_2_016FEEDB
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01649EB01_2_01649EB0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01652E901_2_01652E90
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FCE931_2_016FCE93
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_047024466_2_04702446
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046F44206_2_046F4420
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046FE4F66_2_046FE4F6
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046505356_2_04650535
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_047105916_2_04710591
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0466C6E06_2_0466C6E0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046507706_2_04650770
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046747506_2_04674750
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0464C7C06_2_0464C7C0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046E20006_2_046E2000
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046D81586_2_046D8158
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046401006_2_04640100
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046EA1186_2_046EA118
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_047081CC6_2_047081CC
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_047041A26_2_047041A2
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_047101AA6_2_047101AA
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046F02746_2_046F0274
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046D02C06_2_046D02C0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0470A3526_2_0470A352
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0465E3F06_2_0465E3F0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_047103E66_2_047103E6
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04650C006_2_04650C00
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04640CF26_2_04640CF2
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0465AD006_2_0465AD00
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046ECD1F6_2_046ECD1F
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0464ADE06_2_0464ADE0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04668DBF6_2_04668DBF
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04650E596_2_04650E59
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0470EE266_2_0470EE26
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0470EEDB6_2_0470EEDB
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0470CE936_2_0470CE93
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04662E906_2_04662E90
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046C4F406_2_046C4F40
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04692F286_2_04692F28
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04670F306_2_04670F30
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046F2F306_2_046F2F30
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0465CFE06_2_0465CFE0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04642FC86_2_04642FC8
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046CEFA06_2_046CEFA0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046528406_2_04652840
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0465A8406_2_0465A840
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0467E8F06_2_0467E8F0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046368B86_2_046368B8
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046669626_2_04666962
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046529A06_2_046529A0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0471A9A66_2_0471A9A6
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0464EA806_2_0464EA80
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0470AB406_2_0470AB40
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04706BD76_2_04706BD7
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046414606_2_04641460
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0470F43F6_2_0470F43F
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_047075716_2_04707571
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_047195C36_2_047195C3
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046ED5B06_2_046ED5B0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046956306_2_04695630
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_047016CC6_2_047016CC
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0470F7B06_2_0470F7B0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0470F0E06_2_0470F0E0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_047070E96_2_047070E9
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046FF0CC6_2_046FF0CC
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046570C06_2_046570C0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0468516C6_2_0468516C
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0463F1726_2_0463F172
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0471B16B6_2_0471B16B
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0465B1B06_2_0465B1B0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046F12ED6_2_046F12ED
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0466B2C06_2_0466B2C0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046552A06_2_046552A0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0463D34C6_2_0463D34C
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0470132D6_2_0470132D
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0469739A6_2_0469739A
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046C9C326_2_046C9C32
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0470FCF26_2_0470FCF2
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04707D736_2_04707D73
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04653D406_2_04653D40
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04701D5A6_2_04701D5A
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0466FDC06_2_0466FDC0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04659EB06_2_04659EB0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04657F0D6_2_04657F0D
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0470FF096_2_0470FF09
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0470FFB16_2_0470FFB1
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04651F926_2_04651F92
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046BD8006_2_046BD800
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046538E06_2_046538E0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046599506_2_04659950
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0466B9506_2_0466B950
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046E59106_2_046E5910
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046C3A6C6_2_046C3A6C
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04707A466_2_04707A46
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0470FA496_2_0470FA49
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046FDAC66_2_046FDAC6
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046EDAAC6_2_046EDAAC
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_04695AA06_2_04695AA0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046F1AA36_2_046F1AA3
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0470FB766_2_0470FB76
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0468DBF96_2_0468DBF9
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046C5BF06_2_046C5BF0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0466FB806_2_0466FB80
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_00411E906_2_00411E90
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0040CCE06_2_0040CCE0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0040AEE06_2_0040AEE0
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0040CF006_2_0040CF00
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0040B0246_2_0040B024
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0040B0306_2_0040B030
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_004010AB6_2_004010AB
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_004013786_2_00401378
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_004155406_2_00415540
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_004137506_2_00413750
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0042BC806_2_0042BC80
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0447E4236_2_0447E423
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0447E7BC6_2_0447E7BC
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0447E3046_2_0447E304
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0447D8886_2_0447D888
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0447CB236_2_0447CB23
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: String function: 0162B970 appears 268 times
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: String function: 016AEA12 appears 86 times
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: String function: 01687E54 appears 96 times
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: String function: 016BF290 appears 105 times
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: String function: 01675130 appears 36 times
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: String function: 04697E54 appears 111 times
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: String function: 046BEA12 appears 86 times
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: String function: 0463B970 appears 263 times
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: String function: 046CF290 appears 105 times
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: String function: 04685130 appears 58 times
                Source: 7zKn77RsRX.exe, 00000000.00000002.1341903389.0000000007010000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTL.dll" vs 7zKn77RsRX.exe
                Source: 7zKn77RsRX.exe, 00000000.00000000.1309837655.00000000001C8000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameUvSY.exeB vs 7zKn77RsRX.exe
                Source: 7zKn77RsRX.exe, 00000000.00000002.1338859892.0000000003469000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs 7zKn77RsRX.exe
                Source: 7zKn77RsRX.exe, 00000000.00000002.1323435261.0000000002461000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs 7zKn77RsRX.exe
                Source: 7zKn77RsRX.exe, 00000000.00000002.1341969731.0000000007040000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs 7zKn77RsRX.exe
                Source: 7zKn77RsRX.exe, 00000000.00000002.1322047671.000000000078E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 7zKn77RsRX.exe
                Source: 7zKn77RsRX.exe, 00000000.00000002.1323435261.00000000024AB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTL.dll" vs 7zKn77RsRX.exe
                Source: 7zKn77RsRX.exe, 00000001.00000002.1729881677.0000000001347000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamerekeywiz.exej% vs 7zKn77RsRX.exe
                Source: 7zKn77RsRX.exe, 00000001.00000002.1730585582.000000000172D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 7zKn77RsRX.exe
                Source: 7zKn77RsRX.exeBinary or memory string: OriginalFilenameUvSY.exeB vs 7zKn77RsRX.exe
                Source: 7zKn77RsRX.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 7zKn77RsRX.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, kv35lVaQ8osf8gjMVG.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, kv35lVaQ8osf8gjMVG.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, kv35lVaQ8osf8gjMVG.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, kv35lVaQ8osf8gjMVG.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, kv35lVaQ8osf8gjMVG.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, kv35lVaQ8osf8gjMVG.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, Jmd1Ef4iXu8yFiPo2g.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, Jmd1Ef4iXu8yFiPo2g.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, Jmd1Ef4iXu8yFiPo2g.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, Jmd1Ef4iXu8yFiPo2g.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@15/13
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\7zKn77RsRX.exe.logJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\rekeywiz.exeFile created: C:\Users\user\AppData\Local\Temp\4Fr641e5Jump to behavior
                Source: 7zKn77RsRX.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 7zKn77RsRX.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: rekeywiz.exe, 00000006.00000003.1926797102.000000000060E000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000003.1926797102.000000000062F000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000002.3785808190.000000000065B000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000002.3785808190.000000000062F000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000002.3785808190.0000000000638000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: 7zKn77RsRX.exeVirustotal: Detection: 80%
                Source: 7zKn77RsRX.exeReversingLabs: Detection: 73%
                Source: unknownProcess created: C:\Users\user\Desktop\7zKn77RsRX.exe "C:\Users\user\Desktop\7zKn77RsRX.exe"
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess created: C:\Users\user\Desktop\7zKn77RsRX.exe "C:\Users\user\Desktop\7zKn77RsRX.exe"
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeProcess created: C:\Windows\SysWOW64\rekeywiz.exe "C:\Windows\SysWOW64\rekeywiz.exe"
                Source: C:\Windows\SysWOW64\rekeywiz.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess created: C:\Users\user\Desktop\7zKn77RsRX.exe "C:\Users\user\Desktop\7zKn77RsRX.exe"Jump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeProcess created: C:\Windows\SysWOW64\rekeywiz.exe "C:\Windows\SysWOW64\rekeywiz.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: riched20.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: usp10.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: msls31.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: efsadu.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: dsrole.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: efsutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: cryptui.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: mfc42u.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: logoncli.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: credui.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: feclient.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: 7zKn77RsRX.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: 7zKn77RsRX.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: 7zKn77RsRX.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: UvSY.pdb source: rekeywiz.exe, 00000006.00000002.3786807100.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000002.3787482363.0000000004C3C000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.000000000276C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2038323521.00000000275DC000.00000004.80000000.00040000.00000000.sdmp, 7zKn77RsRX.exe
                Source: Binary string: rekeywiz.pdb source: 7zKn77RsRX.exe, 00000001.00000002.1729881677.0000000001347000.00000004.00000020.00020000.00000000.sdmp, hPIFXCuRV9.exe, 00000005.00000002.3786104434.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: 7zKn77RsRX.exe, 00000001.00000002.1730585582.0000000001600000.00000040.00001000.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000002.3787086291.00000000047AE000.00000040.00001000.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000003.1732328501.000000000445F000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000003.1729868273.00000000042A9000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000002.3787086291.0000000004610000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: 7zKn77RsRX.exe, 7zKn77RsRX.exe, 00000001.00000002.1730585582.0000000001600000.00000040.00001000.00020000.00000000.sdmp, rekeywiz.exe, rekeywiz.exe, 00000006.00000002.3787086291.00000000047AE000.00000040.00001000.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000003.1732328501.000000000445F000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000003.1729868273.00000000042A9000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000002.3787086291.0000000004610000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: rekeywiz.pdbGCTL source: 7zKn77RsRX.exe, 00000001.00000002.1729881677.0000000001347000.00000004.00000020.00020000.00000000.sdmp, hPIFXCuRV9.exe, 00000005.00000002.3786104434.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: UvSY.pdbSHA256 source: rekeywiz.exe, 00000006.00000002.3786807100.00000000042AF000.00000004.00000020.00020000.00000000.sdmp, rekeywiz.exe, 00000006.00000002.3787482363.0000000004C3C000.00000004.10000000.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000002.3786670791.000000000276C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2038323521.00000000275DC000.00000004.80000000.00040000.00000000.sdmp, 7zKn77RsRX.exe
                Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: hPIFXCuRV9.exe, 00000005.00000000.1648813193.000000000062F000.00000002.00000001.01000000.0000000A.sdmp, hPIFXCuRV9.exe, 00000007.00000000.1808015536.000000000062F000.00000002.00000001.01000000.0000000A.sdmp

                Data Obfuscation

                barindex
                .NET source code contains potential unpacker
                Source: 7zKn77RsRX.exe, Form3.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 0.2.7zKn77RsRX.exe.24da118.0.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, kv35lVaQ8osf8gjMVG.cs.Net Code: fpcSZjAup2 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.7zKn77RsRX.exe.7010000.4.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, kv35lVaQ8osf8gjMVG.cs.Net Code: fpcSZjAup2 System.Reflection.Assembly.Load(byte[])
                Source: 6.2.rekeywiz.exe.4c3cd14.2.raw.unpack, Form3.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 7.0.hPIFXCuRV9.exe.276cd14.1.raw.unpack, Form3.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 7.2.hPIFXCuRV9.exe.276cd14.1.raw.unpack, Form3.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 10.2.firefox.exe.275dcd14.0.raw.unpack, Form3.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 7zKn77RsRX.exeStatic PE information: 0xCFF6327B [Wed Jul 24 03:48:11 2080 UTC]
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 0_2_0703E4AB pushad ; retf 0_2_0703E4B1
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 0_2_0703F3F8 push 5DFFFFEDh; ret 0_2_0703F409
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 0_2_087DCBB2 push esi; ret 0_2_087DCBB7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_00401270 push ebp; iretd 1_2_00401372
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0040DB31 push eax; ret 1_2_0040DB32
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0041ABF3 push edi; retf 1_2_0041ABFC
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_00414BF3 push ecx; iretd 1_2_00414C4B
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_004014CD push ebp; iretd 1_2_004014D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_004034D0 push eax; ret 1_2_004034D2
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_004074FB push ecx; iretd 1_2_004074FE
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_00414D4F push ebx; iretd 1_2_00414E35
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_00414DDB push ebx; iretd 1_2_00414E35
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_00414E3E push ebx; retf 1_2_00414E47
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_004086CC push es; iretd 1_2_004086CF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_004016AE push ebp; iretd 1_2_004016B1
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0041772D push esi; iretd 1_2_00417730
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016309AD push ecx; mov dword ptr [esp], ecx1_2_016309B6
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046127FA pushad ; ret 6_2_046127F9
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0461225F pushad ; ret 6_2_046127F9
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0461283D push eax; iretd 6_2_04612858
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_046409AD push ecx; mov dword ptr [esp], ecx6_2_046409B6
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_00404028 push ecx; iretd 6_2_0040402B
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0041425A push esi; iretd 6_2_0041425D
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0040E388 push ebx; retf 6_2_0040E394
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_00410690 push es; ret 6_2_004106C1
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_004051F9 push es; iretd 6_2_004051FC
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_00411720 push ecx; iretd 6_2_00411778
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_00417720 push edi; retf 6_2_00417729
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0041187C push ebx; iretd 6_2_00411962
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0041196B push ebx; retf 6_2_00411974
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_00411908 push ebx; iretd 6_2_00411962
                Source: 7zKn77RsRX.exeStatic PE information: section name: .text entropy: 7.80109651786998
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, JV77y65jcjBlZMgHcJ.csHigh entropy of concatenated method names: 'yB2bAIMrim', 'JbvbCcQ9DY', 'MS0bZOtdZG', 'bm0bnwW2Nj', 'o5SbK1yH6S', 'XN2b9Ro1Sp', 'vP4bRW8XWE', 'wIRb4RkgmR', 'a6Eb65bbmT', 'jV3bL8pGkQ'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, DZTQp2Ikgc4xMj5txG.csHigh entropy of concatenated method names: 'mLyvyn7wus', 'ieevV90MPk', 'TEIvvwwkhF', 'rMRviOQfMg', 'm2NvPIsBVD', 'Nfevo5ONQv', 'Dispose', 'fqh2k6hKtd', 'Sh32WIR1VQ', 'vJi2Qv8yyZ'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, qjkdvltn1u9u1p606o.csHigh entropy of concatenated method names: 'GLk0QhuHFC', 'rqo0xyeF5x', 'KY20qG7FaM', 'WAu0b3guqn', 'DiL0vy8QTD', 'TdH0aK2nrA', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, fXFDfomnCCxeIDPud8.csHigh entropy of concatenated method names: 'oFbkZjhpNR5aQSGPAbD', 'etug44hHMv9RtVcjWEk', 'rtJq2XCvaG', 'baCqvZIyQx', 'kuZq0DMklS', 'HBI1Jeh3nhoJPXOVLd0', 'yw1UQuhb8lfNUd89VUV'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, fuSjXpJu8uP2AyRJBN.csHigh entropy of concatenated method names: 'YvYZwPCyL', 'xO3nXfXmJ', 'OGG9bRvod', 'ehdRxo0i7', 'BXd61vYF0', 'T2jLtcSH0', 'lEnQ0qDOyEo15FJVO4', 's2C8bGINe0hMKrQX3P', 'Eih2HPSTt', 'oy00shl2C'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, yFmVKSWCO0ZOiZGncG.csHigh entropy of concatenated method names: 'Dispose', 'R4x3HMj5tx', 'KcAJmZ2wkS', 'cpYy4LyEl5', 'Std3tHJoio', 'rdb3z8uGIe', 'ProcessDialogKey', 'e2TJYDjL97', 'bDMJ3B0nFH', 'QLkJJVjkdv'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, cBRTic3SykWWUxidX23.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'tNTgvb7epq', 'n2Gg0kgrRS', 'y23gi7Kunk', 'V2Ygg6Ttne', 'mx9gPd4KGV', 'ODNgfWdWon', 'hlogo7Byip'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, B1KqdUhWWC9sOeCglV.csHigh entropy of concatenated method names: 'dfeqlU3lZ8', 'tehqWyyHJb', 'Sbqqxl6xDw', 'EKMqbQkAXy', 'VCPqac17cE', 'bOqxNiq4y0', 'wfZxTFhjQ4', 'FQixIm9fPi', 'yoGxryxWsZ', 'X0ZxHfdlVK'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, ARC4983YLy5TIDpaFDw.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'dCm08w5cX3', 'qB10BARZrG', 'd830F12u8i', 'NKl0c3sH60', 'Eti0E3wofp', 'uB70GA0jfi', 'qsQ0OAf2md'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, fPRO9BLaKbW2nWGYYs.csHigh entropy of concatenated method names: 'VRZxKpZGuA', 'NJjxRoKgE2', 'JV9QuKBKBb', 'UILQXRGAjZ', 'cxBQ1BGokF', 'mvVQj0WbAg', 'qvYQDdA5fC', 'PUnQ7mOoIE', 'C8HQ579U5q', 'l0EQpuPrEs'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, Jmd1Ef4iXu8yFiPo2g.csHigh entropy of concatenated method names: 'KMFWcZDs9b', 'bAhWENojDH', 'OcFWGV8hkX', 'LY2WO9LZhT', 'gVyWNRpMD0', 'o3DWTbRxOC', 'IUYWIYxOX9', 'APtWrpgP2n', 'mOcWH6EZjA', 'z3jWtMkg5y'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, kIS0PlSIL8bUbRHl3E.csHigh entropy of concatenated method names: 'Hq13bmd1Ef', 'tXu3a8yFiP', 'lBl3eCOLHV', 'Q1l3wmWPRO', 'gGY3yYsK1K', 'jdU3sWWC9s', 'Y5xgpZ0wAxcTsp2HJN', 'VH7oQc69HQKH5vCWkh', 'QcP33wdpcC', 'hag3dAONXY'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, cox3SOF1q5VyHbowyN.csHigh entropy of concatenated method names: 'aCgU4v2J7P', 'w3EU6cVDNu', 'SbLUhmHj7Z', 'JCRUmAo7tO', 'nvHUXqTwLZ', 'pnUU1iGrBQ', 'N4aUDj3pCf', 'rsZU7n61sM', 'PxHUpGoZEp', 'uJBU8giZ5f'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, yxjetBzqyZH0NttQpm.csHigh entropy of concatenated method names: 'YrS09NivO9', 'w3604r6jkW', 'nhp06pG3vd', 'v8c0h0IVRg', 'KkY0mMmUCS', 'fy10Xw5hme', 'lkO01f9BqD', 'WEr0o0hu8W', 'SPG0Am7KMU', 'cue0C4OeFS'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, jdL6VQcLfyZwkgnnZr.csHigh entropy of concatenated method names: 'BtTypmVNcI', 'QK7yBETWgs', 'q8lycLKI9l', 'GYJyE7dqEj', 'bXBymRnpX0', 'l8Oyu7XedF', 'XXLyX2r5Zv', 'mpby1JKYps', 'oYFyj75bgP', 'CutyDnh8I9'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, VDjL97HJDMB0nFHFLk.csHigh entropy of concatenated method names: 'CwyvhSqLcA', 'RH5vmMMORh', 'ITZvuG22np', 'L6lvXdWhXo', 'lkev1MoupX', 'sVsvjLSHNl', 'LRCvDMth8x', 'oTtv7mRBH7', 'iG5v51f6wk', 'OSMvpXZmIJ'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, jGrk9wDD1vZhkJ99W8.csHigh entropy of concatenated method names: 'KPVbk1wFDY', 'hywbQhXwgl', 'LQ3bqaSOF5', 'dWUqtUIgff', 'RwbqzxuxHr', 'EQ5bYse9UZ', 'dTrb3kXvjA', 'FDRbJstfe2', 'Vgebdvd8hG', 'vrMbS4LjNH'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, uKhpE633QhUZ0SVkcrE.csHigh entropy of concatenated method names: 'T9H0tbwW9M', 'oLx0zTXXPv', 'iFciYe3mk1', 'FO3i3xSqAa', 'NQaiJsO4tj', 'DJvidGkwMD', 'DZDiSS9IKd', 'PuPiliejDA', 'KSaik6qaZc', 'cn3iW8R5m6'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, Y1xv1M6BlCOLHVc1lm.csHigh entropy of concatenated method names: 'wQtQnfhmLt', 'HkLQ9ZH4iM', 'RhgQ41VDBq', 'aCvQ6k7p0h', 'aWLQyIQpMf', 'K1JQsYdsFK', 'wJSQVWB1WZ', 'wISQ2G6yNd', 'cq8QvwOmQX', 'QpNQ0NAEay'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, dxVDQATJmVprCyYF8m.csHigh entropy of concatenated method names: 'Ex4VrXkZ4v', 'C2mVtNB1yN', 'iIt2YW9XeD', 'yFe23fnhLZ', 'qeQV8BvbHV', 'rU4VBsBvR9', 'E5eVFdrk7H', 'TQMVcl8LqL', 'nTLVEpP1N4', 'Jb2VGpq2Fe'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, QuLmCOXYRwKZYUNHog.csHigh entropy of concatenated method names: 'CYaqoxA5uw', 'dXtqAbFHoK', 'g4LqZG86lU', 'zCaqnQDRqP', 'W2Iq9ti5Aj', 'vJ0qRnZrQa', 'teDq6lXFvB', 'sVSqLU82eG', 's22rnFhmdX2WDQsoHoV', 'C4G1crhi1hVgufLKkIQ'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, kv35lVaQ8osf8gjMVG.csHigh entropy of concatenated method names: 'PeadlwIQPL', 'lO4dkv6pTy', 'gTTdWbwKxG', 'sXWdQgG3oU', 'yRHdxD9oCT', 'YIUdqZohEV', 'Bpsdb1qOId', 'ON4daouTaP', 'KgOdMh5JZX', 'Kjadev8VRf'
                Source: 0.2.7zKn77RsRX.exe.7040000.5.raw.unpack, m9FP6XO6yOJeK7D4St.csHigh entropy of concatenated method names: 'MmvVe4K6yO', 'HrxVw9DwJI', 'ToString', 'O4NVkueSn8', 'M3GVWBrZ6V', 'zRsVQl58UL', 'MkOVxYhUF5', 'zbyVq8xnOe', 'MvBVb1tKa6', 'x5rVapsHAc'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, JV77y65jcjBlZMgHcJ.csHigh entropy of concatenated method names: 'yB2bAIMrim', 'JbvbCcQ9DY', 'MS0bZOtdZG', 'bm0bnwW2Nj', 'o5SbK1yH6S', 'XN2b9Ro1Sp', 'vP4bRW8XWE', 'wIRb4RkgmR', 'a6Eb65bbmT', 'jV3bL8pGkQ'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, DZTQp2Ikgc4xMj5txG.csHigh entropy of concatenated method names: 'mLyvyn7wus', 'ieevV90MPk', 'TEIvvwwkhF', 'rMRviOQfMg', 'm2NvPIsBVD', 'Nfevo5ONQv', 'Dispose', 'fqh2k6hKtd', 'Sh32WIR1VQ', 'vJi2Qv8yyZ'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, qjkdvltn1u9u1p606o.csHigh entropy of concatenated method names: 'GLk0QhuHFC', 'rqo0xyeF5x', 'KY20qG7FaM', 'WAu0b3guqn', 'DiL0vy8QTD', 'TdH0aK2nrA', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, fXFDfomnCCxeIDPud8.csHigh entropy of concatenated method names: 'oFbkZjhpNR5aQSGPAbD', 'etug44hHMv9RtVcjWEk', 'rtJq2XCvaG', 'baCqvZIyQx', 'kuZq0DMklS', 'HBI1Jeh3nhoJPXOVLd0', 'yw1UQuhb8lfNUd89VUV'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, fuSjXpJu8uP2AyRJBN.csHigh entropy of concatenated method names: 'YvYZwPCyL', 'xO3nXfXmJ', 'OGG9bRvod', 'ehdRxo0i7', 'BXd61vYF0', 'T2jLtcSH0', 'lEnQ0qDOyEo15FJVO4', 's2C8bGINe0hMKrQX3P', 'Eih2HPSTt', 'oy00shl2C'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, yFmVKSWCO0ZOiZGncG.csHigh entropy of concatenated method names: 'Dispose', 'R4x3HMj5tx', 'KcAJmZ2wkS', 'cpYy4LyEl5', 'Std3tHJoio', 'rdb3z8uGIe', 'ProcessDialogKey', 'e2TJYDjL97', 'bDMJ3B0nFH', 'QLkJJVjkdv'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, cBRTic3SykWWUxidX23.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'tNTgvb7epq', 'n2Gg0kgrRS', 'y23gi7Kunk', 'V2Ygg6Ttne', 'mx9gPd4KGV', 'ODNgfWdWon', 'hlogo7Byip'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, B1KqdUhWWC9sOeCglV.csHigh entropy of concatenated method names: 'dfeqlU3lZ8', 'tehqWyyHJb', 'Sbqqxl6xDw', 'EKMqbQkAXy', 'VCPqac17cE', 'bOqxNiq4y0', 'wfZxTFhjQ4', 'FQixIm9fPi', 'yoGxryxWsZ', 'X0ZxHfdlVK'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, ARC4983YLy5TIDpaFDw.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'dCm08w5cX3', 'qB10BARZrG', 'd830F12u8i', 'NKl0c3sH60', 'Eti0E3wofp', 'uB70GA0jfi', 'qsQ0OAf2md'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, fPRO9BLaKbW2nWGYYs.csHigh entropy of concatenated method names: 'VRZxKpZGuA', 'NJjxRoKgE2', 'JV9QuKBKBb', 'UILQXRGAjZ', 'cxBQ1BGokF', 'mvVQj0WbAg', 'qvYQDdA5fC', 'PUnQ7mOoIE', 'C8HQ579U5q', 'l0EQpuPrEs'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, Jmd1Ef4iXu8yFiPo2g.csHigh entropy of concatenated method names: 'KMFWcZDs9b', 'bAhWENojDH', 'OcFWGV8hkX', 'LY2WO9LZhT', 'gVyWNRpMD0', 'o3DWTbRxOC', 'IUYWIYxOX9', 'APtWrpgP2n', 'mOcWH6EZjA', 'z3jWtMkg5y'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, kIS0PlSIL8bUbRHl3E.csHigh entropy of concatenated method names: 'Hq13bmd1Ef', 'tXu3a8yFiP', 'lBl3eCOLHV', 'Q1l3wmWPRO', 'gGY3yYsK1K', 'jdU3sWWC9s', 'Y5xgpZ0wAxcTsp2HJN', 'VH7oQc69HQKH5vCWkh', 'QcP33wdpcC', 'hag3dAONXY'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, cox3SOF1q5VyHbowyN.csHigh entropy of concatenated method names: 'aCgU4v2J7P', 'w3EU6cVDNu', 'SbLUhmHj7Z', 'JCRUmAo7tO', 'nvHUXqTwLZ', 'pnUU1iGrBQ', 'N4aUDj3pCf', 'rsZU7n61sM', 'PxHUpGoZEp', 'uJBU8giZ5f'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, yxjetBzqyZH0NttQpm.csHigh entropy of concatenated method names: 'YrS09NivO9', 'w3604r6jkW', 'nhp06pG3vd', 'v8c0h0IVRg', 'KkY0mMmUCS', 'fy10Xw5hme', 'lkO01f9BqD', 'WEr0o0hu8W', 'SPG0Am7KMU', 'cue0C4OeFS'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, jdL6VQcLfyZwkgnnZr.csHigh entropy of concatenated method names: 'BtTypmVNcI', 'QK7yBETWgs', 'q8lycLKI9l', 'GYJyE7dqEj', 'bXBymRnpX0', 'l8Oyu7XedF', 'XXLyX2r5Zv', 'mpby1JKYps', 'oYFyj75bgP', 'CutyDnh8I9'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, VDjL97HJDMB0nFHFLk.csHigh entropy of concatenated method names: 'CwyvhSqLcA', 'RH5vmMMORh', 'ITZvuG22np', 'L6lvXdWhXo', 'lkev1MoupX', 'sVsvjLSHNl', 'LRCvDMth8x', 'oTtv7mRBH7', 'iG5v51f6wk', 'OSMvpXZmIJ'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, jGrk9wDD1vZhkJ99W8.csHigh entropy of concatenated method names: 'KPVbk1wFDY', 'hywbQhXwgl', 'LQ3bqaSOF5', 'dWUqtUIgff', 'RwbqzxuxHr', 'EQ5bYse9UZ', 'dTrb3kXvjA', 'FDRbJstfe2', 'Vgebdvd8hG', 'vrMbS4LjNH'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, uKhpE633QhUZ0SVkcrE.csHigh entropy of concatenated method names: 'T9H0tbwW9M', 'oLx0zTXXPv', 'iFciYe3mk1', 'FO3i3xSqAa', 'NQaiJsO4tj', 'DJvidGkwMD', 'DZDiSS9IKd', 'PuPiliejDA', 'KSaik6qaZc', 'cn3iW8R5m6'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, Y1xv1M6BlCOLHVc1lm.csHigh entropy of concatenated method names: 'wQtQnfhmLt', 'HkLQ9ZH4iM', 'RhgQ41VDBq', 'aCvQ6k7p0h', 'aWLQyIQpMf', 'K1JQsYdsFK', 'wJSQVWB1WZ', 'wISQ2G6yNd', 'cq8QvwOmQX', 'QpNQ0NAEay'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, dxVDQATJmVprCyYF8m.csHigh entropy of concatenated method names: 'Ex4VrXkZ4v', 'C2mVtNB1yN', 'iIt2YW9XeD', 'yFe23fnhLZ', 'qeQV8BvbHV', 'rU4VBsBvR9', 'E5eVFdrk7H', 'TQMVcl8LqL', 'nTLVEpP1N4', 'Jb2VGpq2Fe'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, QuLmCOXYRwKZYUNHog.csHigh entropy of concatenated method names: 'CYaqoxA5uw', 'dXtqAbFHoK', 'g4LqZG86lU', 'zCaqnQDRqP', 'W2Iq9ti5Aj', 'vJ0qRnZrQa', 'teDq6lXFvB', 'sVSqLU82eG', 's22rnFhmdX2WDQsoHoV', 'C4G1crhi1hVgufLKkIQ'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, kv35lVaQ8osf8gjMVG.csHigh entropy of concatenated method names: 'PeadlwIQPL', 'lO4dkv6pTy', 'gTTdWbwKxG', 'sXWdQgG3oU', 'yRHdxD9oCT', 'YIUdqZohEV', 'Bpsdb1qOId', 'ON4daouTaP', 'KgOdMh5JZX', 'Kjadev8VRf'
                Source: 0.2.7zKn77RsRX.exe.36dfdf8.3.raw.unpack, m9FP6XO6yOJeK7D4St.csHigh entropy of concatenated method names: 'MmvVe4K6yO', 'HrxVw9DwJI', 'ToString', 'O4NVkueSn8', 'M3GVWBrZ6V', 'zRsVQl58UL', 'MkOVxYhUF5', 'zbyVq8xnOe', 'MvBVb1tKa6', 'x5rVapsHAc'
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: 7zKn77RsRX.exe PID: 8596, type: MEMORYSTR
                Switches to a custom stack to bypass stack traces
                Source: C:\Windows\SysWOW64\rekeywiz.exeAPI/Special instruction interceptor: Address: 7FF84F7AD324
                Source: C:\Windows\SysWOW64\rekeywiz.exeAPI/Special instruction interceptor: Address: 7FF84F7AD7E4
                Source: C:\Windows\SysWOW64\rekeywiz.exeAPI/Special instruction interceptor: Address: 7FF84F7AD944
                Source: C:\Windows\SysWOW64\rekeywiz.exeAPI/Special instruction interceptor: Address: 7FF84F7AD504
                Source: C:\Windows\SysWOW64\rekeywiz.exeAPI/Special instruction interceptor: Address: 7FF84F7AD544
                Source: C:\Windows\SysWOW64\rekeywiz.exeAPI/Special instruction interceptor: Address: 7FF84F7AD1E4
                Source: C:\Windows\SysWOW64\rekeywiz.exeAPI/Special instruction interceptor: Address: 7FF84F7B0154
                Source: C:\Windows\SysWOW64\rekeywiz.exeAPI/Special instruction interceptor: Address: 7FF84F7ADA44
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeMemory allocated: B10000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeMemory allocated: 2460000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeMemory allocated: 4460000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeMemory allocated: 8810000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeMemory allocated: 7210000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeMemory allocated: 9810000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeMemory allocated: A810000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016AD1C0 rdtsc 1_2_016AD1C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeWindow / User API: threadDelayed 5074Jump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeWindow / User API: threadDelayed 4900Jump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeAPI coverage: 0.9 %
                Source: C:\Windows\SysWOW64\rekeywiz.exeAPI coverage: 2.6 %
                Source: C:\Users\user\Desktop\7zKn77RsRX.exe TID: 8616Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exe TID: 8272Thread sleep count: 5074 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exe TID: 8272Thread sleep time: -10148000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exe TID: 8272Thread sleep count: 4900 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exe TID: 8272Thread sleep time: -9800000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exe TID: 8244Thread sleep time: -80000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exe TID: 8244Thread sleep count: 36 > 30Jump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exe TID: 8244Thread sleep time: -54000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exe TID: 8244Thread sleep count: 40 > 30Jump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exe TID: 8244Thread sleep time: -40000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\rekeywiz.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\rekeywiz.exeCode function: 6_2_0041C780 FindFirstFileW,FindNextFileW,FindClose,6_2_0041C780
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: 4Fr641e5.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: 4Fr641e5.6.drBinary or memory string: discord.comVMware20,11696428655f
                Source: 4Fr641e5.6.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: 4Fr641e5.6.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: 4Fr641e5.6.drBinary or memory string: global block list test formVMware20,11696428655
                Source: 4Fr641e5.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: 4Fr641e5.6.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: 4Fr641e5.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: 4Fr641e5.6.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: 4Fr641e5.6.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: 4Fr641e5.6.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: 4Fr641e5.6.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: 4Fr641e5.6.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: 4Fr641e5.6.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: 4Fr641e5.6.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: rekeywiz.exe, 00000006.00000002.3785808190.00000000005C6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2039978257.000002C4E74BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 4Fr641e5.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: 4Fr641e5.6.drBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: 4Fr641e5.6.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: 4Fr641e5.6.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: 4Fr641e5.6.drBinary or memory string: AMC password management pageVMware20,11696428655
                Source: 4Fr641e5.6.drBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: 4Fr641e5.6.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: 4Fr641e5.6.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: 4Fr641e5.6.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: 4Fr641e5.6.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: 4Fr641e5.6.drBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: 4Fr641e5.6.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: 4Fr641e5.6.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: hPIFXCuRV9.exe, 00000007.00000002.3786288270.0000000000819000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllL
                Source: 4Fr641e5.6.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: 4Fr641e5.6.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: 4Fr641e5.6.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016AD1C0 rdtsc 1_2_016AD1C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_00417BB3 LdrLoadDll,1_2_00417BB3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162F172 mov eax, dword ptr fs:[00000030h]1_2_0162F172
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C9179 mov eax, dword ptr fs:[00000030h]1_2_016C9179
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01705152 mov eax, dword ptr fs:[00000030h]1_2_01705152
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C4144 mov eax, dword ptr fs:[00000030h]1_2_016C4144
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C4144 mov eax, dword ptr fs:[00000030h]1_2_016C4144
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C4144 mov ecx, dword ptr fs:[00000030h]1_2_016C4144
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C4144 mov eax, dword ptr fs:[00000030h]1_2_016C4144
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C4144 mov eax, dword ptr fs:[00000030h]1_2_016C4144
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01629148 mov eax, dword ptr fs:[00000030h]1_2_01629148
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01629148 mov eax, dword ptr fs:[00000030h]1_2_01629148
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01629148 mov eax, dword ptr fs:[00000030h]1_2_01629148
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01629148 mov eax, dword ptr fs:[00000030h]1_2_01629148
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C3140 mov eax, dword ptr fs:[00000030h]1_2_016C3140
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C3140 mov eax, dword ptr fs:[00000030h]1_2_016C3140
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C3140 mov eax, dword ptr fs:[00000030h]1_2_016C3140
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01637152 mov eax, dword ptr fs:[00000030h]1_2_01637152
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162C156 mov eax, dword ptr fs:[00000030h]1_2_0162C156
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C8158 mov eax, dword ptr fs:[00000030h]1_2_016C8158
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01636154 mov eax, dword ptr fs:[00000030h]1_2_01636154
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01636154 mov eax, dword ptr fs:[00000030h]1_2_01636154
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01660124 mov eax, dword ptr fs:[00000030h]1_2_01660124
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01631131 mov eax, dword ptr fs:[00000030h]1_2_01631131
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01631131 mov eax, dword ptr fs:[00000030h]1_2_01631131
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162B136 mov eax, dword ptr fs:[00000030h]1_2_0162B136
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162B136 mov eax, dword ptr fs:[00000030h]1_2_0162B136
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162B136 mov eax, dword ptr fs:[00000030h]1_2_0162B136
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162B136 mov eax, dword ptr fs:[00000030h]1_2_0162B136
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016DA118 mov ecx, dword ptr fs:[00000030h]1_2_016DA118
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016DA118 mov eax, dword ptr fs:[00000030h]1_2_016DA118
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016DA118 mov eax, dword ptr fs:[00000030h]1_2_016DA118
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016DA118 mov eax, dword ptr fs:[00000030h]1_2_016DA118
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F0115 mov eax, dword ptr fs:[00000030h]1_2_016F0115
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016551EF mov eax, dword ptr fs:[00000030h]1_2_016551EF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016551EF mov eax, dword ptr fs:[00000030h]1_2_016551EF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016551EF mov eax, dword ptr fs:[00000030h]1_2_016551EF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016551EF mov eax, dword ptr fs:[00000030h]1_2_016551EF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016551EF mov eax, dword ptr fs:[00000030h]1_2_016551EF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016551EF mov eax, dword ptr fs:[00000030h]1_2_016551EF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016551EF mov eax, dword ptr fs:[00000030h]1_2_016551EF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016551EF mov eax, dword ptr fs:[00000030h]1_2_016551EF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016551EF mov eax, dword ptr fs:[00000030h]1_2_016551EF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016551EF mov eax, dword ptr fs:[00000030h]1_2_016551EF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016551EF mov eax, dword ptr fs:[00000030h]1_2_016551EF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016551EF mov eax, dword ptr fs:[00000030h]1_2_016551EF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016551EF mov eax, dword ptr fs:[00000030h]1_2_016551EF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016351ED mov eax, dword ptr fs:[00000030h]1_2_016351ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016D71F9 mov esi, dword ptr fs:[00000030h]1_2_016D71F9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_017061E5 mov eax, dword ptr fs:[00000030h]1_2_017061E5
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016601F8 mov eax, dword ptr fs:[00000030h]1_2_016601F8
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F61C3 mov eax, dword ptr fs:[00000030h]1_2_016F61C3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F61C3 mov eax, dword ptr fs:[00000030h]1_2_016F61C3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166D1D0 mov eax, dword ptr fs:[00000030h]1_2_0166D1D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166D1D0 mov ecx, dword ptr fs:[00000030h]1_2_0166D1D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016AE1D0 mov eax, dword ptr fs:[00000030h]1_2_016AE1D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016AE1D0 mov eax, dword ptr fs:[00000030h]1_2_016AE1D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016AE1D0 mov ecx, dword ptr fs:[00000030h]1_2_016AE1D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016AE1D0 mov eax, dword ptr fs:[00000030h]1_2_016AE1D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016AE1D0 mov eax, dword ptr fs:[00000030h]1_2_016AE1D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_017051CB mov eax, dword ptr fs:[00000030h]1_2_017051CB
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E11A4 mov eax, dword ptr fs:[00000030h]1_2_016E11A4
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E11A4 mov eax, dword ptr fs:[00000030h]1_2_016E11A4
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E11A4 mov eax, dword ptr fs:[00000030h]1_2_016E11A4
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E11A4 mov eax, dword ptr fs:[00000030h]1_2_016E11A4
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164B1B0 mov eax, dword ptr fs:[00000030h]1_2_0164B1B0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01670185 mov eax, dword ptr fs:[00000030h]1_2_01670185
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016EC188 mov eax, dword ptr fs:[00000030h]1_2_016EC188
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016EC188 mov eax, dword ptr fs:[00000030h]1_2_016EC188
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B019F mov eax, dword ptr fs:[00000030h]1_2_016B019F
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B019F mov eax, dword ptr fs:[00000030h]1_2_016B019F
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B019F mov eax, dword ptr fs:[00000030h]1_2_016B019F
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B019F mov eax, dword ptr fs:[00000030h]1_2_016B019F
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162A197 mov eax, dword ptr fs:[00000030h]1_2_0162A197
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162A197 mov eax, dword ptr fs:[00000030h]1_2_0162A197
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162A197 mov eax, dword ptr fs:[00000030h]1_2_0162A197
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01687190 mov eax, dword ptr fs:[00000030h]1_2_01687190
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B106E mov eax, dword ptr fs:[00000030h]1_2_016B106E
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01705060 mov eax, dword ptr fs:[00000030h]1_2_01705060
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01641070 mov eax, dword ptr fs:[00000030h]1_2_01641070
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01641070 mov ecx, dword ptr fs:[00000030h]1_2_01641070
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01641070 mov eax, dword ptr fs:[00000030h]1_2_01641070
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01641070 mov eax, dword ptr fs:[00000030h]1_2_01641070
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01641070 mov eax, dword ptr fs:[00000030h]1_2_01641070
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01641070 mov eax, dword ptr fs:[00000030h]1_2_01641070
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01641070 mov eax, dword ptr fs:[00000030h]1_2_01641070
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01641070 mov eax, dword ptr fs:[00000030h]1_2_01641070
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01641070 mov eax, dword ptr fs:[00000030h]1_2_01641070
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01641070 mov eax, dword ptr fs:[00000030h]1_2_01641070
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01641070 mov eax, dword ptr fs:[00000030h]1_2_01641070
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01641070 mov eax, dword ptr fs:[00000030h]1_2_01641070
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01641070 mov eax, dword ptr fs:[00000030h]1_2_01641070
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165C073 mov eax, dword ptr fs:[00000030h]1_2_0165C073
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016AD070 mov ecx, dword ptr fs:[00000030h]1_2_016AD070
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01632050 mov eax, dword ptr fs:[00000030h]1_2_01632050
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016D705E mov ebx, dword ptr fs:[00000030h]1_2_016D705E
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016D705E mov eax, dword ptr fs:[00000030h]1_2_016D705E
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165B052 mov eax, dword ptr fs:[00000030h]1_2_0165B052
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B6050 mov eax, dword ptr fs:[00000030h]1_2_016B6050
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162A020 mov eax, dword ptr fs:[00000030h]1_2_0162A020
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162C020 mov eax, dword ptr fs:[00000030h]1_2_0162C020
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F903E mov eax, dword ptr fs:[00000030h]1_2_016F903E
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F903E mov eax, dword ptr fs:[00000030h]1_2_016F903E
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F903E mov eax, dword ptr fs:[00000030h]1_2_016F903E
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F903E mov eax, dword ptr fs:[00000030h]1_2_016F903E
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C6030 mov eax, dword ptr fs:[00000030h]1_2_016C6030
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B4000 mov ecx, dword ptr fs:[00000030h]1_2_016B4000
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164E016 mov eax, dword ptr fs:[00000030h]1_2_0164E016
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164E016 mov eax, dword ptr fs:[00000030h]1_2_0164E016
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164E016 mov eax, dword ptr fs:[00000030h]1_2_0164E016
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164E016 mov eax, dword ptr fs:[00000030h]1_2_0164E016
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016550E4 mov eax, dword ptr fs:[00000030h]1_2_016550E4
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016550E4 mov ecx, dword ptr fs:[00000030h]1_2_016550E4
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162A0E3 mov ecx, dword ptr fs:[00000030h]1_2_0162A0E3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016380E9 mov eax, dword ptr fs:[00000030h]1_2_016380E9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B60E0 mov eax, dword ptr fs:[00000030h]1_2_016B60E0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162C0F0 mov eax, dword ptr fs:[00000030h]1_2_0162C0F0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016720F0 mov ecx, dword ptr fs:[00000030h]1_2_016720F0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov eax, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov ecx, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov ecx, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov eax, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov ecx, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov ecx, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov eax, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov eax, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov eax, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov eax, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov eax, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov eax, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov eax, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov eax, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov eax, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov eax, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov eax, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016470C0 mov eax, dword ptr fs:[00000030h]1_2_016470C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_017050D9 mov eax, dword ptr fs:[00000030h]1_2_017050D9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016AD0C0 mov eax, dword ptr fs:[00000030h]1_2_016AD0C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016AD0C0 mov eax, dword ptr fs:[00000030h]1_2_016AD0C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B20DE mov eax, dword ptr fs:[00000030h]1_2_016B20DE
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016590DB mov eax, dword ptr fs:[00000030h]1_2_016590DB
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C80A8 mov eax, dword ptr fs:[00000030h]1_2_016C80A8
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F60B8 mov eax, dword ptr fs:[00000030h]1_2_016F60B8
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F60B8 mov ecx, dword ptr fs:[00000030h]1_2_016F60B8
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163208A mov eax, dword ptr fs:[00000030h]1_2_0163208A
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016BD080 mov eax, dword ptr fs:[00000030h]1_2_016BD080
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016BD080 mov eax, dword ptr fs:[00000030h]1_2_016BD080
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162D08D mov eax, dword ptr fs:[00000030h]1_2_0162D08D
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01635096 mov eax, dword ptr fs:[00000030h]1_2_01635096
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165D090 mov eax, dword ptr fs:[00000030h]1_2_0165D090
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165D090 mov eax, dword ptr fs:[00000030h]1_2_0165D090
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166909C mov eax, dword ptr fs:[00000030h]1_2_0166909C
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016EF367 mov eax, dword ptr fs:[00000030h]1_2_016EF367
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016D437C mov eax, dword ptr fs:[00000030h]1_2_016D437C
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01637370 mov eax, dword ptr fs:[00000030h]1_2_01637370
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01637370 mov eax, dword ptr fs:[00000030h]1_2_01637370
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01637370 mov eax, dword ptr fs:[00000030h]1_2_01637370
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B2349 mov eax, dword ptr fs:[00000030h]1_2_016B2349
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B2349 mov eax, dword ptr fs:[00000030h]1_2_016B2349
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B2349 mov eax, dword ptr fs:[00000030h]1_2_016B2349
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B2349 mov eax, dword ptr fs:[00000030h]1_2_016B2349
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B2349 mov eax, dword ptr fs:[00000030h]1_2_016B2349
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B2349 mov eax, dword ptr fs:[00000030h]1_2_016B2349
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B2349 mov eax, dword ptr fs:[00000030h]1_2_016B2349
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B2349 mov eax, dword ptr fs:[00000030h]1_2_016B2349
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B2349 mov eax, dword ptr fs:[00000030h]1_2_016B2349
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B2349 mov eax, dword ptr fs:[00000030h]1_2_016B2349
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B2349 mov eax, dword ptr fs:[00000030h]1_2_016B2349
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B2349 mov eax, dword ptr fs:[00000030h]1_2_016B2349
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B2349 mov eax, dword ptr fs:[00000030h]1_2_016B2349
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B2349 mov eax, dword ptr fs:[00000030h]1_2_016B2349
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B2349 mov eax, dword ptr fs:[00000030h]1_2_016B2349
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162D34C mov eax, dword ptr fs:[00000030h]1_2_0162D34C
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162D34C mov eax, dword ptr fs:[00000030h]1_2_0162D34C
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01705341 mov eax, dword ptr fs:[00000030h]1_2_01705341
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01629353 mov eax, dword ptr fs:[00000030h]1_2_01629353
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01629353 mov eax, dword ptr fs:[00000030h]1_2_01629353
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B035C mov eax, dword ptr fs:[00000030h]1_2_016B035C
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B035C mov eax, dword ptr fs:[00000030h]1_2_016B035C
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B035C mov eax, dword ptr fs:[00000030h]1_2_016B035C
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B035C mov ecx, dword ptr fs:[00000030h]1_2_016B035C
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B035C mov eax, dword ptr fs:[00000030h]1_2_016B035C
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B035C mov eax, dword ptr fs:[00000030h]1_2_016B035C
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FA352 mov eax, dword ptr fs:[00000030h]1_2_016FA352
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F132D mov eax, dword ptr fs:[00000030h]1_2_016F132D
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F132D mov eax, dword ptr fs:[00000030h]1_2_016F132D
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165F32A mov eax, dword ptr fs:[00000030h]1_2_0165F32A
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01627330 mov eax, dword ptr fs:[00000030h]1_2_01627330
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B930B mov eax, dword ptr fs:[00000030h]1_2_016B930B
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B930B mov eax, dword ptr fs:[00000030h]1_2_016B930B
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B930B mov eax, dword ptr fs:[00000030h]1_2_016B930B
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166A30B mov eax, dword ptr fs:[00000030h]1_2_0166A30B
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166A30B mov eax, dword ptr fs:[00000030h]1_2_0166A30B
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166A30B mov eax, dword ptr fs:[00000030h]1_2_0166A30B
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162C310 mov ecx, dword ptr fs:[00000030h]1_2_0162C310
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01650310 mov ecx, dword ptr fs:[00000030h]1_2_01650310
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016EF3E6 mov eax, dword ptr fs:[00000030h]1_2_016EF3E6
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_017053FC mov eax, dword ptr fs:[00000030h]1_2_017053FC
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016403E9 mov eax, dword ptr fs:[00000030h]1_2_016403E9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016403E9 mov eax, dword ptr fs:[00000030h]1_2_016403E9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016403E9 mov eax, dword ptr fs:[00000030h]1_2_016403E9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016403E9 mov eax, dword ptr fs:[00000030h]1_2_016403E9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016403E9 mov eax, dword ptr fs:[00000030h]1_2_016403E9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016403E9 mov eax, dword ptr fs:[00000030h]1_2_016403E9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016403E9 mov eax, dword ptr fs:[00000030h]1_2_016403E9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016403E9 mov eax, dword ptr fs:[00000030h]1_2_016403E9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164E3F0 mov eax, dword ptr fs:[00000030h]1_2_0164E3F0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164E3F0 mov eax, dword ptr fs:[00000030h]1_2_0164E3F0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164E3F0 mov eax, dword ptr fs:[00000030h]1_2_0164E3F0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016663FF mov eax, dword ptr fs:[00000030h]1_2_016663FF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016EC3CD mov eax, dword ptr fs:[00000030h]1_2_016EC3CD
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163A3C0 mov eax, dword ptr fs:[00000030h]1_2_0163A3C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163A3C0 mov eax, dword ptr fs:[00000030h]1_2_0163A3C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163A3C0 mov eax, dword ptr fs:[00000030h]1_2_0163A3C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163A3C0 mov eax, dword ptr fs:[00000030h]1_2_0163A3C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163A3C0 mov eax, dword ptr fs:[00000030h]1_2_0163A3C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163A3C0 mov eax, dword ptr fs:[00000030h]1_2_0163A3C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016383C0 mov eax, dword ptr fs:[00000030h]1_2_016383C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016383C0 mov eax, dword ptr fs:[00000030h]1_2_016383C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016383C0 mov eax, dword ptr fs:[00000030h]1_2_016383C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016383C0 mov eax, dword ptr fs:[00000030h]1_2_016383C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B63C0 mov eax, dword ptr fs:[00000030h]1_2_016B63C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016EB3D0 mov ecx, dword ptr fs:[00000030h]1_2_016EB3D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016533A5 mov eax, dword ptr fs:[00000030h]1_2_016533A5
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016633A0 mov eax, dword ptr fs:[00000030h]1_2_016633A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016633A0 mov eax, dword ptr fs:[00000030h]1_2_016633A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162E388 mov eax, dword ptr fs:[00000030h]1_2_0162E388
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162E388 mov eax, dword ptr fs:[00000030h]1_2_0162E388
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162E388 mov eax, dword ptr fs:[00000030h]1_2_0162E388
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165438F mov eax, dword ptr fs:[00000030h]1_2_0165438F
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165438F mov eax, dword ptr fs:[00000030h]1_2_0165438F
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0170539D mov eax, dword ptr fs:[00000030h]1_2_0170539D
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0168739A mov eax, dword ptr fs:[00000030h]1_2_0168739A
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0168739A mov eax, dword ptr fs:[00000030h]1_2_0168739A
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01628397 mov eax, dword ptr fs:[00000030h]1_2_01628397
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01628397 mov eax, dword ptr fs:[00000030h]1_2_01628397
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01628397 mov eax, dword ptr fs:[00000030h]1_2_01628397
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01634260 mov eax, dword ptr fs:[00000030h]1_2_01634260
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01634260 mov eax, dword ptr fs:[00000030h]1_2_01634260
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01634260 mov eax, dword ptr fs:[00000030h]1_2_01634260
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FD26B mov eax, dword ptr fs:[00000030h]1_2_016FD26B
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016FD26B mov eax, dword ptr fs:[00000030h]1_2_016FD26B
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162826B mov eax, dword ptr fs:[00000030h]1_2_0162826B
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01659274 mov eax, dword ptr fs:[00000030h]1_2_01659274
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01671270 mov eax, dword ptr fs:[00000030h]1_2_01671270
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01671270 mov eax, dword ptr fs:[00000030h]1_2_01671270
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E0274 mov eax, dword ptr fs:[00000030h]1_2_016E0274
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E0274 mov eax, dword ptr fs:[00000030h]1_2_016E0274
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E0274 mov eax, dword ptr fs:[00000030h]1_2_016E0274
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E0274 mov eax, dword ptr fs:[00000030h]1_2_016E0274
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E0274 mov eax, dword ptr fs:[00000030h]1_2_016E0274
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E0274 mov eax, dword ptr fs:[00000030h]1_2_016E0274
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E0274 mov eax, dword ptr fs:[00000030h]1_2_016E0274
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E0274 mov eax, dword ptr fs:[00000030h]1_2_016E0274
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E0274 mov eax, dword ptr fs:[00000030h]1_2_016E0274
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E0274 mov eax, dword ptr fs:[00000030h]1_2_016E0274
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E0274 mov eax, dword ptr fs:[00000030h]1_2_016E0274
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E0274 mov eax, dword ptr fs:[00000030h]1_2_016E0274
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01629240 mov eax, dword ptr fs:[00000030h]1_2_01629240
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01629240 mov eax, dword ptr fs:[00000030h]1_2_01629240
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B8243 mov eax, dword ptr fs:[00000030h]1_2_016B8243
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B8243 mov ecx, dword ptr fs:[00000030h]1_2_016B8243
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166724D mov eax, dword ptr fs:[00000030h]1_2_0166724D
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162A250 mov eax, dword ptr fs:[00000030h]1_2_0162A250
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016EB256 mov eax, dword ptr fs:[00000030h]1_2_016EB256
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016EB256 mov eax, dword ptr fs:[00000030h]1_2_016EB256
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01636259 mov eax, dword ptr fs:[00000030h]1_2_01636259
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016BD250 mov ecx, dword ptr fs:[00000030h]1_2_016BD250
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01705227 mov eax, dword ptr fs:[00000030h]1_2_01705227
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162823B mov eax, dword ptr fs:[00000030h]1_2_0162823B
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01667208 mov eax, dword ptr fs:[00000030h]1_2_01667208
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01667208 mov eax, dword ptr fs:[00000030h]1_2_01667208
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E12ED mov eax, dword ptr fs:[00000030h]1_2_016E12ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E12ED mov eax, dword ptr fs:[00000030h]1_2_016E12ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E12ED mov eax, dword ptr fs:[00000030h]1_2_016E12ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E12ED mov eax, dword ptr fs:[00000030h]1_2_016E12ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E12ED mov eax, dword ptr fs:[00000030h]1_2_016E12ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E12ED mov eax, dword ptr fs:[00000030h]1_2_016E12ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E12ED mov eax, dword ptr fs:[00000030h]1_2_016E12ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E12ED mov eax, dword ptr fs:[00000030h]1_2_016E12ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E12ED mov eax, dword ptr fs:[00000030h]1_2_016E12ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E12ED mov eax, dword ptr fs:[00000030h]1_2_016E12ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E12ED mov eax, dword ptr fs:[00000030h]1_2_016E12ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E12ED mov eax, dword ptr fs:[00000030h]1_2_016E12ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E12ED mov eax, dword ptr fs:[00000030h]1_2_016E12ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016E12ED mov eax, dword ptr fs:[00000030h]1_2_016E12ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016402E1 mov eax, dword ptr fs:[00000030h]1_2_016402E1
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016402E1 mov eax, dword ptr fs:[00000030h]1_2_016402E1
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016402E1 mov eax, dword ptr fs:[00000030h]1_2_016402E1
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_017052E2 mov eax, dword ptr fs:[00000030h]1_2_017052E2
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016EF2F8 mov eax, dword ptr fs:[00000030h]1_2_016EF2F8
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016292FF mov eax, dword ptr fs:[00000030h]1_2_016292FF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163A2C3 mov eax, dword ptr fs:[00000030h]1_2_0163A2C3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163A2C3 mov eax, dword ptr fs:[00000030h]1_2_0163A2C3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163A2C3 mov eax, dword ptr fs:[00000030h]1_2_0163A2C3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163A2C3 mov eax, dword ptr fs:[00000030h]1_2_0163A2C3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163A2C3 mov eax, dword ptr fs:[00000030h]1_2_0163A2C3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165B2C0 mov eax, dword ptr fs:[00000030h]1_2_0165B2C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165B2C0 mov eax, dword ptr fs:[00000030h]1_2_0165B2C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165B2C0 mov eax, dword ptr fs:[00000030h]1_2_0165B2C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165B2C0 mov eax, dword ptr fs:[00000030h]1_2_0165B2C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165B2C0 mov eax, dword ptr fs:[00000030h]1_2_0165B2C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165B2C0 mov eax, dword ptr fs:[00000030h]1_2_0165B2C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165B2C0 mov eax, dword ptr fs:[00000030h]1_2_0165B2C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016392C5 mov eax, dword ptr fs:[00000030h]1_2_016392C5
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016392C5 mov eax, dword ptr fs:[00000030h]1_2_016392C5
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162B2D3 mov eax, dword ptr fs:[00000030h]1_2_0162B2D3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162B2D3 mov eax, dword ptr fs:[00000030h]1_2_0162B2D3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162B2D3 mov eax, dword ptr fs:[00000030h]1_2_0162B2D3
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165F2D0 mov eax, dword ptr fs:[00000030h]1_2_0165F2D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165F2D0 mov eax, dword ptr fs:[00000030h]1_2_0165F2D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016402A0 mov eax, dword ptr fs:[00000030h]1_2_016402A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016402A0 mov eax, dword ptr fs:[00000030h]1_2_016402A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016452A0 mov eax, dword ptr fs:[00000030h]1_2_016452A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016452A0 mov eax, dword ptr fs:[00000030h]1_2_016452A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016452A0 mov eax, dword ptr fs:[00000030h]1_2_016452A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016452A0 mov eax, dword ptr fs:[00000030h]1_2_016452A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F92A6 mov eax, dword ptr fs:[00000030h]1_2_016F92A6
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F92A6 mov eax, dword ptr fs:[00000030h]1_2_016F92A6
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F92A6 mov eax, dword ptr fs:[00000030h]1_2_016F92A6
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016F92A6 mov eax, dword ptr fs:[00000030h]1_2_016F92A6
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C62A0 mov eax, dword ptr fs:[00000030h]1_2_016C62A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C62A0 mov ecx, dword ptr fs:[00000030h]1_2_016C62A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C62A0 mov eax, dword ptr fs:[00000030h]1_2_016C62A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C62A0 mov eax, dword ptr fs:[00000030h]1_2_016C62A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C62A0 mov eax, dword ptr fs:[00000030h]1_2_016C62A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C62A0 mov eax, dword ptr fs:[00000030h]1_2_016C62A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C72A0 mov eax, dword ptr fs:[00000030h]1_2_016C72A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C72A0 mov eax, dword ptr fs:[00000030h]1_2_016C72A0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B92BC mov eax, dword ptr fs:[00000030h]1_2_016B92BC
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B92BC mov eax, dword ptr fs:[00000030h]1_2_016B92BC
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B92BC mov ecx, dword ptr fs:[00000030h]1_2_016B92BC
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B92BC mov ecx, dword ptr fs:[00000030h]1_2_016B92BC
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166E284 mov eax, dword ptr fs:[00000030h]1_2_0166E284
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166E284 mov eax, dword ptr fs:[00000030h]1_2_0166E284
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B0283 mov eax, dword ptr fs:[00000030h]1_2_016B0283
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B0283 mov eax, dword ptr fs:[00000030h]1_2_016B0283
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B0283 mov eax, dword ptr fs:[00000030h]1_2_016B0283
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01705283 mov eax, dword ptr fs:[00000030h]1_2_01705283
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166329E mov eax, dword ptr fs:[00000030h]1_2_0166329E
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166329E mov eax, dword ptr fs:[00000030h]1_2_0166329E
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162B562 mov eax, dword ptr fs:[00000030h]1_2_0162B562
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166656A mov eax, dword ptr fs:[00000030h]1_2_0166656A
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166656A mov eax, dword ptr fs:[00000030h]1_2_0166656A
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166656A mov eax, dword ptr fs:[00000030h]1_2_0166656A
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166B570 mov eax, dword ptr fs:[00000030h]1_2_0166B570
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166B570 mov eax, dword ptr fs:[00000030h]1_2_0166B570
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01638550 mov eax, dword ptr fs:[00000030h]1_2_01638550
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01638550 mov eax, dword ptr fs:[00000030h]1_2_01638550
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016EB52F mov eax, dword ptr fs:[00000030h]1_2_016EB52F
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01705537 mov eax, dword ptr fs:[00000030h]1_2_01705537
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016DF525 mov eax, dword ptr fs:[00000030h]1_2_016DF525
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016DF525 mov eax, dword ptr fs:[00000030h]1_2_016DF525
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016DF525 mov eax, dword ptr fs:[00000030h]1_2_016DF525
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016DF525 mov eax, dword ptr fs:[00000030h]1_2_016DF525
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016DF525 mov eax, dword ptr fs:[00000030h]1_2_016DF525
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016DF525 mov eax, dword ptr fs:[00000030h]1_2_016DF525
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016DF525 mov eax, dword ptr fs:[00000030h]1_2_016DF525
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01640535 mov eax, dword ptr fs:[00000030h]1_2_01640535
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01640535 mov eax, dword ptr fs:[00000030h]1_2_01640535
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01640535 mov eax, dword ptr fs:[00000030h]1_2_01640535
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01640535 mov eax, dword ptr fs:[00000030h]1_2_01640535
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01640535 mov eax, dword ptr fs:[00000030h]1_2_01640535
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01640535 mov eax, dword ptr fs:[00000030h]1_2_01640535
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166D530 mov eax, dword ptr fs:[00000030h]1_2_0166D530
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166D530 mov eax, dword ptr fs:[00000030h]1_2_0166D530
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163D534 mov eax, dword ptr fs:[00000030h]1_2_0163D534
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163D534 mov eax, dword ptr fs:[00000030h]1_2_0163D534
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163D534 mov eax, dword ptr fs:[00000030h]1_2_0163D534
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163D534 mov eax, dword ptr fs:[00000030h]1_2_0163D534
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163D534 mov eax, dword ptr fs:[00000030h]1_2_0163D534
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163D534 mov eax, dword ptr fs:[00000030h]1_2_0163D534
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165E53E mov eax, dword ptr fs:[00000030h]1_2_0165E53E
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165E53E mov eax, dword ptr fs:[00000030h]1_2_0165E53E
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165E53E mov eax, dword ptr fs:[00000030h]1_2_0165E53E
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165E53E mov eax, dword ptr fs:[00000030h]1_2_0165E53E
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165E53E mov eax, dword ptr fs:[00000030h]1_2_0165E53E
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01667505 mov eax, dword ptr fs:[00000030h]1_2_01667505
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01667505 mov ecx, dword ptr fs:[00000030h]1_2_01667505
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C6500 mov eax, dword ptr fs:[00000030h]1_2_016C6500
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01704500 mov eax, dword ptr fs:[00000030h]1_2_01704500
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01704500 mov eax, dword ptr fs:[00000030h]1_2_01704500
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01704500 mov eax, dword ptr fs:[00000030h]1_2_01704500
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01704500 mov eax, dword ptr fs:[00000030h]1_2_01704500
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01704500 mov eax, dword ptr fs:[00000030h]1_2_01704500
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01704500 mov eax, dword ptr fs:[00000030h]1_2_01704500
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01704500 mov eax, dword ptr fs:[00000030h]1_2_01704500
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165E5E7 mov eax, dword ptr fs:[00000030h]1_2_0165E5E7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165E5E7 mov eax, dword ptr fs:[00000030h]1_2_0165E5E7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165E5E7 mov eax, dword ptr fs:[00000030h]1_2_0165E5E7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165E5E7 mov eax, dword ptr fs:[00000030h]1_2_0165E5E7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165E5E7 mov eax, dword ptr fs:[00000030h]1_2_0165E5E7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165E5E7 mov eax, dword ptr fs:[00000030h]1_2_0165E5E7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165E5E7 mov eax, dword ptr fs:[00000030h]1_2_0165E5E7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165E5E7 mov eax, dword ptr fs:[00000030h]1_2_0165E5E7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016325E0 mov eax, dword ptr fs:[00000030h]1_2_016325E0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166C5ED mov eax, dword ptr fs:[00000030h]1_2_0166C5ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166C5ED mov eax, dword ptr fs:[00000030h]1_2_0166C5ED
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016515F4 mov eax, dword ptr fs:[00000030h]1_2_016515F4
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016515F4 mov eax, dword ptr fs:[00000030h]1_2_016515F4
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016515F4 mov eax, dword ptr fs:[00000030h]1_2_016515F4
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016515F4 mov eax, dword ptr fs:[00000030h]1_2_016515F4
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016515F4 mov eax, dword ptr fs:[00000030h]1_2_016515F4
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016515F4 mov eax, dword ptr fs:[00000030h]1_2_016515F4
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016655C0 mov eax, dword ptr fs:[00000030h]1_2_016655C0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_017035D7 mov eax, dword ptr fs:[00000030h]1_2_017035D7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_017035D7 mov eax, dword ptr fs:[00000030h]1_2_017035D7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_017035D7 mov eax, dword ptr fs:[00000030h]1_2_017035D7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166E5CF mov eax, dword ptr fs:[00000030h]1_2_0166E5CF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166E5CF mov eax, dword ptr fs:[00000030h]1_2_0166E5CF
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016365D0 mov eax, dword ptr fs:[00000030h]1_2_016365D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166A5D0 mov eax, dword ptr fs:[00000030h]1_2_0166A5D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166A5D0 mov eax, dword ptr fs:[00000030h]1_2_0166A5D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_017055C9 mov eax, dword ptr fs:[00000030h]1_2_017055C9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016AD5D0 mov eax, dword ptr fs:[00000030h]1_2_016AD5D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016AD5D0 mov ecx, dword ptr fs:[00000030h]1_2_016AD5D0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016595DA mov eax, dword ptr fs:[00000030h]1_2_016595DA
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B05A7 mov eax, dword ptr fs:[00000030h]1_2_016B05A7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B05A7 mov eax, dword ptr fs:[00000030h]1_2_016B05A7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016B05A7 mov eax, dword ptr fs:[00000030h]1_2_016B05A7
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016515A9 mov eax, dword ptr fs:[00000030h]1_2_016515A9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016515A9 mov eax, dword ptr fs:[00000030h]1_2_016515A9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016515A9 mov eax, dword ptr fs:[00000030h]1_2_016515A9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016515A9 mov eax, dword ptr fs:[00000030h]1_2_016515A9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016515A9 mov eax, dword ptr fs:[00000030h]1_2_016515A9
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016EF5BE mov eax, dword ptr fs:[00000030h]1_2_016EF5BE
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016545B1 mov eax, dword ptr fs:[00000030h]1_2_016545B1
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016545B1 mov eax, dword ptr fs:[00000030h]1_2_016545B1
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165F5B0 mov eax, dword ptr fs:[00000030h]1_2_0165F5B0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165F5B0 mov eax, dword ptr fs:[00000030h]1_2_0165F5B0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165F5B0 mov eax, dword ptr fs:[00000030h]1_2_0165F5B0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165F5B0 mov eax, dword ptr fs:[00000030h]1_2_0165F5B0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165F5B0 mov eax, dword ptr fs:[00000030h]1_2_0165F5B0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165F5B0 mov eax, dword ptr fs:[00000030h]1_2_0165F5B0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165F5B0 mov eax, dword ptr fs:[00000030h]1_2_0165F5B0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165F5B0 mov eax, dword ptr fs:[00000030h]1_2_0165F5B0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165F5B0 mov eax, dword ptr fs:[00000030h]1_2_0165F5B0
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C35BA mov eax, dword ptr fs:[00000030h]1_2_016C35BA
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C35BA mov eax, dword ptr fs:[00000030h]1_2_016C35BA
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C35BA mov eax, dword ptr fs:[00000030h]1_2_016C35BA
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016C35BA mov eax, dword ptr fs:[00000030h]1_2_016C35BA
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01632582 mov eax, dword ptr fs:[00000030h]1_2_01632582
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01632582 mov ecx, dword ptr fs:[00000030h]1_2_01632582
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162758F mov eax, dword ptr fs:[00000030h]1_2_0162758F
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162758F mov eax, dword ptr fs:[00000030h]1_2_0162758F
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162758F mov eax, dword ptr fs:[00000030h]1_2_0162758F
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01664588 mov eax, dword ptr fs:[00000030h]1_2_01664588
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166E59C mov eax, dword ptr fs:[00000030h]1_2_0166E59C
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016BB594 mov eax, dword ptr fs:[00000030h]1_2_016BB594
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016BB594 mov eax, dword ptr fs:[00000030h]1_2_016BB594
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01631460 mov eax, dword ptr fs:[00000030h]1_2_01631460
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01631460 mov eax, dword ptr fs:[00000030h]1_2_01631460
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01631460 mov eax, dword ptr fs:[00000030h]1_2_01631460
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01631460 mov eax, dword ptr fs:[00000030h]1_2_01631460
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_01631460 mov eax, dword ptr fs:[00000030h]1_2_01631460
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164F460 mov eax, dword ptr fs:[00000030h]1_2_0164F460
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164F460 mov eax, dword ptr fs:[00000030h]1_2_0164F460
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164F460 mov eax, dword ptr fs:[00000030h]1_2_0164F460
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164F460 mov eax, dword ptr fs:[00000030h]1_2_0164F460
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164F460 mov eax, dword ptr fs:[00000030h]1_2_0164F460
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0164F460 mov eax, dword ptr fs:[00000030h]1_2_0164F460
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016BC460 mov ecx, dword ptr fs:[00000030h]1_2_016BC460
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0170547F mov eax, dword ptr fs:[00000030h]1_2_0170547F
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165A470 mov eax, dword ptr fs:[00000030h]1_2_0165A470
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165A470 mov eax, dword ptr fs:[00000030h]1_2_0165A470
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0165A470 mov eax, dword ptr fs:[00000030h]1_2_0165A470
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163B440 mov eax, dword ptr fs:[00000030h]1_2_0163B440
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163B440 mov eax, dword ptr fs:[00000030h]1_2_0163B440
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163B440 mov eax, dword ptr fs:[00000030h]1_2_0163B440
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163B440 mov eax, dword ptr fs:[00000030h]1_2_0163B440
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163B440 mov eax, dword ptr fs:[00000030h]1_2_0163B440
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0163B440 mov eax, dword ptr fs:[00000030h]1_2_0163B440
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166E443 mov eax, dword ptr fs:[00000030h]1_2_0166E443
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166E443 mov eax, dword ptr fs:[00000030h]1_2_0166E443
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166E443 mov eax, dword ptr fs:[00000030h]1_2_0166E443
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166E443 mov eax, dword ptr fs:[00000030h]1_2_0166E443
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166E443 mov eax, dword ptr fs:[00000030h]1_2_0166E443
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166E443 mov eax, dword ptr fs:[00000030h]1_2_0166E443
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166E443 mov eax, dword ptr fs:[00000030h]1_2_0166E443
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0166E443 mov eax, dword ptr fs:[00000030h]1_2_0166E443
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_016EF453 mov eax, dword ptr fs:[00000030h]1_2_016EF453
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeCode function: 1_2_0162645D mov eax, dword ptr fs:[00000030h]1_2_0162645D
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Found direct / indirect Syscall (likely to bypass EDR)
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtQuerySystemInformation: Direct from: 0x772748CCJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtQueryVolumeInformationFile: Direct from: 0x77272F2CJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtOpenSection: Direct from: 0x77272E0CJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtClose: Direct from: 0x77272B6C
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtReadVirtualMemory: Direct from: 0x77272E8CJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtCreateKey: Direct from: 0x77272C6CJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtSetInformationThread: Direct from: 0x77272B4CJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtQueryAttributesFile: Direct from: 0x77272E6CJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtAllocateVirtualMemory: Direct from: 0x772748ECJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtQueryInformationToken: Direct from: 0x77272CACJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtTerminateThread: Direct from: 0x77272FCCJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtOpenKeyEx: Direct from: 0x77272B9CJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtDeviceIoControlFile: Direct from: 0x77272AECJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtAllocateVirtualMemory: Direct from: 0x77272BECJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtCreateFile: Direct from: 0x77272FECJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtOpenFile: Direct from: 0x77272DCCJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtWriteVirtualMemory: Direct from: 0x77272E3CJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtMapViewOfSection: Direct from: 0x77272D1CJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtResumeThread: Direct from: 0x772736ACJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtProtectVirtualMemory: Direct from: 0x77272F9CJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtSetInformationProcess: Direct from: 0x77272C5CJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtNotifyChangeKey: Direct from: 0x77273C2CJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtCreateMutant: Direct from: 0x772735CCJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtSetInformationThread: Direct from: 0x772663F9Jump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtQueryInformationProcess: Direct from: 0x77272C26Jump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtResumeThread: Direct from: 0x77272FBCJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtCreateUserProcess: Direct from: 0x7727371CJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtWriteVirtualMemory: Direct from: 0x7727490CJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtAllocateVirtualMemory: Direct from: 0x77273C9CJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtAllocateVirtualMemory: Direct from: 0x77272BFCJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtReadFile: Direct from: 0x77272ADCJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtQuerySystemInformation: Direct from: 0x77272DFCJump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeNtDelayExecution: Direct from: 0x77272DDCJump to behavior
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeMemory written: C:\Users\user\Desktop\7zKn77RsRX.exe base: 400000 value starts with: 4D5AJump to behavior
                Maps a DLL or memory area into another process
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: NULL target: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeSection loaded: NULL target: C:\Windows\SysWOW64\rekeywiz.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: NULL target: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: NULL target: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                Modifies the context of a thread in another process (thread injection)
                Source: C:\Windows\SysWOW64\rekeywiz.exeThread register set: target process: 2652Jump to behavior
                Queues an APC in another process (thread injection)
                Source: C:\Windows\SysWOW64\rekeywiz.exeThread APC queued: target process: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeProcess created: C:\Users\user\Desktop\7zKn77RsRX.exe "C:\Users\user\Desktop\7zKn77RsRX.exe"Jump to behavior
                Source: C:\Program Files (x86)\cugaDMuDnSgBzuICqisnqOwWvQWYlUpwfQIccxJwYkTYQHzeHzgcKDEMfUJoEDtLiBMrhVpfsjNQh\hPIFXCuRV9.exeProcess created: C:\Windows\SysWOW64\rekeywiz.exe "C:\Windows\SysWOW64\rekeywiz.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: hPIFXCuRV9.exe, 00000005.00000000.1649413171.0000000001281000.00000002.00000001.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000005.00000002.3786269419.0000000001280000.00000002.00000001.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000000.1808326008.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
                Source: hPIFXCuRV9.exe, 00000005.00000000.1649413171.0000000001281000.00000002.00000001.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000005.00000002.3786269419.0000000001280000.00000002.00000001.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000000.1808326008.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: hPIFXCuRV9.exe, 00000005.00000000.1649413171.0000000001281000.00000002.00000001.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000005.00000002.3786269419.0000000001280000.00000002.00000001.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000000.1808326008.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: hPIFXCuRV9.exe, 00000005.00000000.1649413171.0000000001281000.00000002.00000001.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000005.00000002.3786269419.0000000001280000.00000002.00000001.00040000.00000000.sdmp, hPIFXCuRV9.exe, 00000007.00000000.1808326008.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeQueries volume information: C:\Users\user\Desktop\7zKn77RsRX.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\7zKn77RsRX.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 1.2.7zKn77RsRX.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.7zKn77RsRX.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.3785605979.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.1729468117.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3788440303.0000000004BA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3786668154.0000000000910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.3786643946.00000000047F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.1730366209.0000000001590000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3786884212.0000000004370000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.1732619227.0000000003850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\SysWOW64\rekeywiz.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\rekeywiz.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Windows\SysWOW64\rekeywiz.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

                Remote Access Functionality

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 1.2.7zKn77RsRX.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.7zKn77RsRX.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.3785605979.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.1729468117.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3788440303.0000000004BA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3786668154.0000000000910000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.3786643946.00000000047F0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.1730366209.0000000001590000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3786884212.0000000004370000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000002.1732619227.0000000003850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                DLL Side-Loading                		412
                Process Injection                		1
                Masquerading                		1
                OS Credential Dumping                		121
                Security Software Discovery                		Remote Services1
                Email Collection                		1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                Abuse Elevation Control Mechanism                		1
                Disable or Modify Tools                		LSASS Memory2
                Process Discovery                		Remote Desktop Protocol1
                Archive Collected Data                		3
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                DLL Side-Loading                		41
                Virtualization/Sandbox Evasion                		Security Account Manager41
                Virtualization/Sandbox Evasion                		SMB/Windows Admin Shares1
                Data from Local System                		4
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook412
                Process Injection                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput Capture4
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Deobfuscate/Decode Files or Information                		LSA Secrets2
                File and Directory Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Abuse Elevation Control Mechanism                		Cached Domain Credentials113
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
                Obfuscated Files or Information                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job12
                Software Packing                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                Timestomp                		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                DLL Side-Loading                		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1634649 Sample: 7zKn77RsRX.exe Startdate: 11/03/2025 Architecture: WINDOWS Score: 100 31 www.chivor.xyz 2->31 33 www.bitcoinescort.xyz 2->33 35 16 other IPs or domains 2->35 45 Suricata IDS alerts for network traffic 2->45 47 Antivirus detection for URL or domain 2->47 49 Antivirus / Scanner detection for submitted sample 2->49 53 5 other signatures 2->53 10 7zKn77RsRX.exe 3 2->10         started        signatures3 51 Performs DNS queries to domains with low reputation 33->51 process4 file5 29 C:\Users\user\AppData\...\7zKn77RsRX.exe.log, ASCII 10->29 dropped 65 Injects a PE file into a foreign processes 10->65 14 7zKn77RsRX.exe 10->14         started        signatures6 process7 signatures8 67 Maps a DLL or memory area into another process 14->67 17 hPIFXCuRV9.exe 14->17 injected process9 signatures10 43 Found direct / indirect Syscall (likely to bypass EDR) 17->43 20 rekeywiz.exe 13 17->20         started        process11 signatures12 55 Tries to steal Mail credentials (via file / registry access) 20->55 57 Tries to harvest and steal browser information (history, passwords, etc) 20->57 59 Modifies the context of a thread in another process (thread injection) 20->59 61 3 other signatures 20->61 23 hPIFXCuRV9.exe 20->23 injected 27 firefox.exe 20->27         started        process13 dnsIp14 37 www.gariano.info 81.88.63.46, 54223, 54224, 54225 REGISTER-ASIT Italy 23->37 39 www.pekedge.top 66.29.133.199, 54227, 54228, 54229 ADVANTAGECOMUS United States 23->39 41 11 other IPs or domains 23->41 63 Found direct / indirect Syscall (likely to bypass EDR) 23->63 signatures15

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.