Windows Analysis Report
UB BO 14-3-2025.exe

Overview

General Information

Sample name:UB BO 14-3-2025.exe
Analysis ID:1638841
MD5:9e63e5a68ef5a0d71810e71ab0ccfd38
SHA1:05946ede8cf54d3e7141e793d49fb285cf7e93fb
SHA256:31b78f85d2a1aa72f3ec47187d3ef589375825c0c3a4434649f874f3c7cb8cfd
Tags: exe, user-threatcat_ch

Detection

FormBook
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Found direct / indirect Syscall (likely to bypass EDR)
Joe Sandbox ML detected suspicious sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • UB BO 14-3-2025.exe (PID: 7736 cmdline: "C:\Users\user\Desktop\UB BO 14-3-2025.exe" MD5: 9E63E5A68EF5A0D71810E71AB0CCFD38)
    • UB BO 14-3-2025.exe (PID: 7816 cmdline: "C:\Users\user\Desktop\UB BO 14-3-2025.exe" MD5: 9E63E5A68EF5A0D71810E71AB0CCFD38)
      • wN0oVYUN02oHqTQE.exe (PID: 6212 cmdline: "C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\fBli8pRFNHV.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
        • dxdiag.exe (PID: 2964 cmdline: "C:\Windows\SysWOW64\dxdiag.exe" MD5: 24D3F0DB6CCF0C341EA4F6B206DF2EDF)
          • wN0oVYUN02oHqTQE.exe (PID: 6292 cmdline: "C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\m6okWBv7.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)
          • firefox.exe (PID: 7840 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000A.00000002.3603275387.0000000002830000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.1655686357.0000000006DD0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.3605772473.0000000004F00000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000A.00000002.3603139931.00000000027D0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.1579641780.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
1.2.UB BO 14-3-2025.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
1.2.UB BO 14-3-2025.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

                AV Detection

                Source: UB BO 14-3-2025.exe | Avira: detected
                Source: http://www.thisisnonft.studio/n045/?ST=Kg1/aFpGKMnhVBELvCPlibmeqf8M35bzleOSUoobpbOI+fIV4I892KjJed3c+mujHuz90NdIU5GCAy6IeTvEYGUGwB+ydcZK8QQg7SB1/eFctOOO4w9LWAk=&QHH0=0Vzp | Avira URL Cloud: Label: malware
                Source: http://www.thisisnonft.studio/n045/ | Avira URL Cloud: Label: malware
                Source: UB BO 14-3-2025.exe | Virustotal: Detection: 43%
                Source: UB BO 14-3-2025.exe | ReversingLabs: Detection: 50%
                Source: Yara match | File source: 1.2.UB BO 14-3-2025.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 1.2.UB BO 14-3-2025.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0000000A.00000002.3603275387.0000000002830000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1655686357.0000000006DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000B.00000002.3605772473.0000000004F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.3603139931.00000000027D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1579641780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.3602699303.00000000004B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1581301092.0000000001DA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000009.00000002.3604268423.0000000003160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                Source: UB BO 14-3-2025.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: UB BO 14-3-2025.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: dxdiag.pdbGCTL source: wN0oVYUN02oHqTQE.exe, 00000009.00000002.3603567301.000000000156E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: UB BO 14-3-2025.exe, 00000001.00000002.1580023195.0000000001990000.00000040.00001000.00020000.00000000.sdmp, dxdiag.exe, 0000000A.00000003.1582288667.000000000430C000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 0000000A.00000002.3604571161.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, dxdiag.exe, 0000000A.00000002.3604571161.000000000465E000.00000040.00001000.00020000.00000000.sdmp, dxdiag.exe, 0000000A.00000003.1579997677.0000000004151000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: dxdiag.pdb source: wN0oVYUN02oHqTQE.exe, 00000009.00000002.3603567301.000000000156E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: UB BO 14-3-2025.exe, UB BO 14-3-2025.exe, 00000001.00000002.1580023195.0000000001990000.00000040.00001000.00020000.00000000.sdmp, dxdiag.exe, dxdiag.exe, 0000000A.00000003.1582288667.000000000430C000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 0000000A.00000002.3604571161.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, dxdiag.exe, 0000000A.00000002.3604571161.000000000465E000.00000040.00001000.00020000.00000000.sdmp, dxdiag.exe, 0000000A.00000003.1579997677.0000000004151000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: wN0oVYUN02oHqTQE.exe, 00000009.00000002.3602695168.00000000003BF000.00000002.00000001.01000000.0000000C.sdmp, wN0oVYUN02oHqTQE.exe, 0000000B.00000000.1651536628.00000000003BF000.00000002.00000001.01000000.0000000C.sdmp
                Source: C:\Windows\SysWOW64\dxdiag.exe | Code function: 10_2_004CC9E0 FindFirstFileW,FindNextFileW,FindClose, 10_2_004CC9E0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe | Code function: 4x nop then xor esi, esi 1_2_00418AEA
                Source: C:\Windows\SysWOW64\dxdiag.exe | Code function: 4x nop then xor eax, eax 10_2_004B9F10
                Source: C:\Windows\SysWOW64\dxdiag.exe | Code function: 4x nop then mov ebx, 00000004h 10_2_043E04DF

                Networking

                Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49755 -> 107.148.6.145:80
                Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49748 -> 209.74.77.230:80
                Source: DNS query: www.seekmeme.xyz
                Source: DNS query: www.myfort.xyz
                Source: DNS query: www.blockchaintourism.xyz
                Source: DNS query: www.persembunyian.xyz
                Source: DNS query: www.kantad.xyz
                Source: DNS query: www.tether1.xyz
                Source: DNS query: www.furacao.xyz
                Source: DNS query: www.drlara.xyz
                Source: DNS query: www.bawiin.xyz
                Source: Joe Sandbox View | IP Address: 13.248.169.48
                Source: Joe Sandbox View | IP Address: 209.74.77.230
                Source: Joe Sandbox View | ASN Name: PEGTECHINCUS
                Source: Joe Sandbox View | ASN Name: MULTIBAND-NEWHOPEUS
                Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic DNS traffic detected: DNS query: www.seekmeme.xyz
                Source: global traffic DNS traffic detected: DNS query: www.myfort.xyz
                Source: global traffic DNS traffic detected: DNS query: www.blockchaintourism.xyz
                Source: global traffic DNS traffic detected: DNS query: www.persembunyian.xyz
                Source: global traffic DNS traffic detected: DNS query: www.iooe.net
                Source: global traffic DNS traffic detected: DNS query: www.thisisnonft.studio
                Source: global traffic DNS traffic detected: DNS query: www.thriay.website
                Source: global traffic DNS traffic detected: DNS query: www.gane4.lat
                Source: global traffic DNS traffic detected: DNS query: www.10134.app
                Source: global traffic DNS traffic detected: DNS query: www.kantad.xyz
                Source: global traffic DNS traffic detected: DNS query: www.tether1.xyz
                Source: global traffic DNS traffic detected: DNS query: www.furacao.xyz
                Source: global traffic DNS traffic detected: DNS query: www.ylv.media
                Source: global traffic DNS traffic detected: DNS query: www.drlara.xyz
                Source: global traffic DNS traffic detected: DNS query: www.bawiin.xyz
                Source: unknown HTTP traffic detected: POST /regg/ HTTP/1.1 Host: www.myfort.xyz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Connection: close Content-Length: 199 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Origin: http://www.myfort.xyz Referer: http://www.myfort.xyz/regg/ User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MDDR; .NET4.0C; Tablet PC 2.0; BRI/2; .NET4.0E)
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close X-WS-RateLimit-Limit: 100 X-WS-RateLimit-Remaining: 99 Date: Fri, 14 Mar 2025 19:48:13 GMT Server: Apache Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close X-WS-RateLimit-Limit: 100 X-WS-RateLimit-Remaining: 99 Date: Fri, 14 Mar 2025 19:48:15 GMT Server: Apache Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close X-WS-RateLimit-Limit: 100 X-WS-RateLimit-Remaining: 99 Date: Fri, 14 Mar 2025 19:48:18 GMT Server: Apache Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 837 Connection: close X-WS-RateLimit-Limit: 100 X-WS-RateLimit-Remaining: 99 Date: Fri, 14 Mar 2025 19:48:20 GMT Server: Apache
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 14 Mar 2025 19:48:26 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 14 Mar 2025 19:48:29 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 14 Mar 2025 19:48:31 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 14 Mar 2025 19:48:34 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 14 Mar 2025 19:48:53 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66706af2-8a"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 14 Mar 2025 19:48:56 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66706af2-8a"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 14 Mar 2025 19:48:59 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66706af2-8a"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 14 Mar 2025 19:49:01 GMT Content-Type: text/html Content-Length: 138 Connection: close ETag: "66706af2-8a"
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: wN0oVYUN02oHqTQE.exe, 0000000B.00000002.3605772473.0000000004F55000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.bawiin.xyz
                Source: wN0oVYUN02oHqTQE.exe, 0000000B.00000002.3605772473.0000000004F55000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.bawiin.xyz/ys2n/
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152374384.0000000006416000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htmV
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1152695342.0000000007DC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
                Source: dxdiag.exe, 0000000A.00000002.3606447463.00000000076B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org?q=
                Source: dxdiag.exe, 0000000A.00000002.3606447463.00000000076B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: dxdiag.exe, 0000000A.00000002.3606447463.00000000076B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: dxdiag.exe, 0000000A.00000002.3606447463.00000000076B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: dxdiag.exe, 0000000A.00000002.3606447463.00000000076B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
                Source: dxdiag.exe, 0000000A.00000002.3606447463.00000000076B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: dxdiag.exe, 0000000A.00000002.3606447463.00000000076B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtabv20
                Source: dxdiag.exe, 0000000A.00000002.3606447463.00000000076B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gemini.google.com/app?q=
                Source: dxdiag.exe, 0000000A.00000002.3603377189.00000000028DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: dxdiag.exe, 0000000A.00000002.3603377189.00000000028DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: dxdiag.exe, 0000000A.00000002.3603377189.00000000028DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: dxdiag.exe, 0000000A.00000003.1760341578.000000000769D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: dxdiag.exe, 0000000A.00000002.3606447463.00000000076B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/v20
                Source: dxdiag.exe, 0000000A.00000002.3604908230.0000000005A12000.00000004.10000000.00040000.00000000.sdmp, dxdiag.exe, 0000000A.00000002.3606289632.0000000007390000.00000004.00000800.00020000.00000000.sdmp, wN0oVYUN02oHqTQE.exe, 0000000B.00000002.3604451450.00000000039B2000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.google.com
                Source: dxdiag.exe, 0000000A.00000002.3606447463.00000000076B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp

                E-Banking Fraud

                Source: Yara match File source: 1.2.UB BO 14-3-2025.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 1.2.UB BO 14-3-2025.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0000000A.00000002.3603275387.0000000002830000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000001.00000002.1655686357.0000000006DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000B.00000002.3605772473.0000000004F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000002.3603139931.00000000027D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000001.00000002.1579641780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000002.3602699303.00000000004B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000001.00000002.1581301092.0000000001DA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000009.00000002.3604268423.0000000003160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: UB BO 14-3-2025.exe, DataGridViewFarsiDatePickerColumn.cs; Large array initialization: array initializer size 659366
                Source: 10.2.dxdiag.exe.4b2cd14.2.raw.unpack, DataGridViewFarsiDatePickerColumn.cs; Large array initialization: array initializer size 659366
                Source: 11.2.wN0oVYUN02oHqTQE.exe.2accd14.1.raw.unpack, DataGridViewFarsiDatePickerColumn.cs; Large array initialization: array initializer size 659366
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_0042CC13 NtClose,1_2_0042CC13
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02B60 NtClose,LdrInitializeThunk,1_2_01A02B60
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02DF0 NtQuerySystemInformation,LdrInitializeThunk,1_2_01A02DF0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02C70 NtFreeVirtualMemory,LdrInitializeThunk,1_2_01A02C70
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A035C0 NtCreateMutant,LdrInitializeThunk,1_2_01A035C0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A04340 NtSetContextThread,1_2_01A04340
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A04650 NtSuspendThread,1_2_01A04650
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02BA0 NtEnumerateValueKey,1_2_01A02BA0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02B80 NtQueryInformationFile,1_2_01A02B80
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02BE0 NtQueryValueKey,1_2_01A02BE0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02BF0 NtAllocateVirtualMemory,1_2_01A02BF0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02AB0 NtWaitForSingleObject,1_2_01A02AB0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02AF0 NtWriteFile,1_2_01A02AF0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02AD0 NtReadFile,1_2_01A02AD0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02DB0 NtEnumerateKey,1_2_01A02DB0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02DD0 NtDelayExecution,1_2_01A02DD0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02D30 NtUnmapViewOfSection,1_2_01A02D30
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02D00 NtSetInformationFile,1_2_01A02D00
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02D10 NtMapViewOfSection,1_2_01A02D10
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02CA0 NtQueryInformationToken,1_2_01A02CA0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02CF0 NtOpenProcess,1_2_01A02CF0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02CC0 NtQueryVirtualMemory,1_2_01A02CC0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02C00 NtQueryInformationProcess,1_2_01A02C00
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02C60 NtCreateKey,1_2_01A02C60
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02FA0 NtQuerySection,1_2_01A02FA0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02FB0 NtResumeThread,1_2_01A02FB0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02F90 NtProtectVirtualMemory,1_2_01A02F90
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02FE0 NtCreateFile,1_2_01A02FE0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02F30 NtCreateSection,1_2_01A02F30
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02F60 NtCreateProcessEx,1_2_01A02F60
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02EA0 NtAdjustPrivilegesToken,1_2_01A02EA0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02E80 NtReadVirtualMemory,1_2_01A02E80
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02EE0 NtQueueApcThread,1_2_01A02EE0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02E30 NtWriteVirtualMemory,1_2_01A02E30
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A03090 NtSetValueKey,1_2_01A03090
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A03010 NtOpenDirectoryObject,1_2_01A03010
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A039B0 NtGetContextThread,1_2_01A039B0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A03D10 NtOpenProcessToken,1_2_01A03D10
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A03D70 NtOpenThread,1_2_01A03D70
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04534650 NtSuspendThread,LdrInitializeThunk,10_2_04534650
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04534340 NtSetContextThread,LdrInitializeThunk,10_2_04534340
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532C70 NtFreeVirtualMemory,LdrInitializeThunk,10_2_04532C70
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532C60 NtCreateKey,LdrInitializeThunk,10_2_04532C60
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532CA0 NtQueryInformationToken,LdrInitializeThunk,10_2_04532CA0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532D10 NtMapViewOfSection,LdrInitializeThunk,10_2_04532D10
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532D30 NtUnmapViewOfSection,LdrInitializeThunk,10_2_04532D30
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532DD0 NtDelayExecution,LdrInitializeThunk,10_2_04532DD0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532DF0 NtQuerySystemInformation,LdrInitializeThunk,10_2_04532DF0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532EE0 NtQueueApcThread,LdrInitializeThunk,10_2_04532EE0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532E80 NtReadVirtualMemory,LdrInitializeThunk,10_2_04532E80
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532F30 NtCreateSection,LdrInitializeThunk,10_2_04532F30
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532FE0 NtCreateFile,LdrInitializeThunk,10_2_04532FE0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532FB0 NtResumeThread,LdrInitializeThunk,10_2_04532FB0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532AD0 NtReadFile,LdrInitializeThunk,10_2_04532AD0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532AF0 NtWriteFile,LdrInitializeThunk,10_2_04532AF0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532B60 NtClose,LdrInitializeThunk,10_2_04532B60
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532BF0 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_04532BF0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532BE0 NtQueryValueKey,LdrInitializeThunk,10_2_04532BE0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532BA0 NtEnumerateValueKey,LdrInitializeThunk,10_2_04532BA0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_045335C0 NtCreateMutant,LdrInitializeThunk,10_2_045335C0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_045339B0 NtGetContextThread,LdrInitializeThunk,10_2_045339B0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532C00 NtQueryInformationProcess,10_2_04532C00
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532CC0 NtQueryVirtualMemory,10_2_04532CC0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532CF0 NtOpenProcess,10_2_04532CF0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532D00 NtSetInformationFile,10_2_04532D00
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532DB0 NtEnumerateKey,10_2_04532DB0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532E30 NtWriteVirtualMemory,10_2_04532E30
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532EA0 NtAdjustPrivilegesToken,10_2_04532EA0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532F60 NtCreateProcessEx,10_2_04532F60
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532F90 NtProtectVirtualMemory,10_2_04532F90
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532FA0 NtQuerySection,10_2_04532FA0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532AB0 NtWaitForSingleObject,10_2_04532AB0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04532B80 NtQueryInformationFile,10_2_04532B80
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04533010 NtOpenDirectoryObject,10_2_04533010
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04533090 NtSetValueKey,10_2_04533090
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04533D70 NtOpenThread,10_2_04533D70
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_04533D10 NtOpenProcessToken,10_2_04533D10
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004D9570 NtCreateFile,10_2_004D9570
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004D96E0 NtReadFile,10_2_004D96E0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004D97D0 NtDeleteFile,10_2_004D97D0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004D9870 NtClose,10_2_004D9870
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004D99D0 NtAllocateVirtualMemory,10_2_004D99D0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004BB37010_2_004BB370
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004C57B010_2_004C57B0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004C39C510_2_004C39C5
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004C39C010_2_004C39C0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004DBEA010_2_004DBEA0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_043F542410_2_043F5424
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_043EE4A310_2_043EE4A3
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_043EE38410_2_043EE384
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_043EE83D10_2_043EE83D
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_043ED90810_2_043ED908
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_043F5BD110_2_043F5BD1
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: String function: 01A3EA12 appears 86 times
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: String function: 01A05130 appears 58 times
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: String function: 01A17E54 appears 111 times
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: String function: 019BB970 appears 280 times
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: String function: 01A4F290 appears 105 times
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: String function: 04547E54 appears 111 times
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: String function: 0456EA12 appears 86 times
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: String function: 044EB970 appears 280 times
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: String function: 04535130 appears 58 times
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: String function: 0457F290 appears 105 times
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1149982365.0000000003600000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTL.dll" vs UB BO 14-3-2025.exe
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1153661972.0000000008490000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTL.dll" vs UB BO 14-3-2025.exe
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1149758256.000000000188E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs UB BO 14-3-2025.exe
                Source: UB BO 14-3-2025.exe, 00000000.00000002.1154231587.0000000008A70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs UB BO 14-3-2025.exe
                Source: UB BO 14-3-2025.exe, 00000000.00000000.1126584997.00000000010B0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameYRtW.exe4 vs UB BO 14-3-2025.exe
                Source: UB BO 14-3-2025.exe, 00000001.00000002.1580023195.0000000001ABD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs UB BO 14-3-2025.exe
                Source: UB BO 14-3-2025.exeBinary or memory string: OriginalFilenameYRtW.exe4 vs UB BO 14-3-2025.exe
                Source: UB BO 14-3-2025.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: UB BO 14-3-2025.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, R7mgP2TOGFwpRWcUbb.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, R7mgP2TOGFwpRWcUbb.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, R7mgP2TOGFwpRWcUbb.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, Clf96BYUlJ29es7rBQ.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, Clf96BYUlJ29es7rBQ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@15/7
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\UB BO 14-3-2025.exe.log
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\dxdiag.exeFile created: C:\Users\user\AppData\Local\Temp\20Xb-18
                Source: UB BO 14-3-2025.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: UB BO 14-3-2025.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: dxdiag.exe, 0000000A.00000003.1761254663.0000000002938000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 0000000A.00000002.3603377189.0000000002938000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: UB BO 14-3-2025.exeVirustotal: Detection: 43%
                Source: UB BO 14-3-2025.exeReversingLabs: Detection: 50%
                Source: unknownProcess created: C:\Users\user\Desktop\UB BO 14-3-2025.exe "C:\Users\user\Desktop\UB BO 14-3-2025.exe"
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess created: C:\Users\user\Desktop\UB BO 14-3-2025.exe "C:\Users\user\Desktop\UB BO 14-3-2025.exe"
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exeProcess created: C:\Windows\SysWOW64\dxdiag.exe "C:\Windows\SysWOW64\dxdiag.exe"
                Source: C:\Windows\SysWOW64\dxdiag.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: mscoree.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: apphelp.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: version.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: wldp.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: profapi.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: dwrite.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: amsi.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: userenv.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: msasn1.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: gpapi.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeSection loaded: iconcodecservice.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: wininet.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: version.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: userenv.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: netutils.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: wldp.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: profapi.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: secur32.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: mlang.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: propsys.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeSection loaded: cryptbase.dll
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exeSection loaded: wininet.dll
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exeSection loaded: mswsock.dll
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exeSection loaded: dnsapi.dll
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exeSection loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exeSection loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exeSection loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\dxdiag.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: UB BO 14-3-2025.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: UB BO 14-3-2025.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: dxdiag.pdbGCTL source: wN0oVYUN02oHqTQE.exe, 00000009.00000002.3603567301.000000000156E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: UB BO 14-3-2025.exe, 00000001.00000002.1580023195.0000000001990000.00000040.00001000.00020000.00000000.sdmp, dxdiag.exe, 0000000A.00000003.1582288667.000000000430C000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 0000000A.00000002.3604571161.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, dxdiag.exe, 0000000A.00000002.3604571161.000000000465E000.00000040.00001000.00020000.00000000.sdmp, dxdiag.exe, 0000000A.00000003.1579997677.0000000004151000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: dxdiag.pdb source: wN0oVYUN02oHqTQE.exe, 00000009.00000002.3603567301.000000000156E000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: UB BO 14-3-2025.exe, UB BO 14-3-2025.exe, 00000001.00000002.1580023195.0000000001990000.00000040.00001000.00020000.00000000.sdmp, dxdiag.exe, dxdiag.exe, 0000000A.00000003.1582288667.000000000430C000.00000004.00000020.00020000.00000000.sdmp, dxdiag.exe, 0000000A.00000002.3604571161.00000000044C0000.00000040.00001000.00020000.00000000.sdmp, dxdiag.exe, 0000000A.00000002.3604571161.000000000465E000.00000040.00001000.00020000.00000000.sdmp, dxdiag.exe, 0000000A.00000003.1579997677.0000000004151000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: wN0oVYUN02oHqTQE.exe, 00000009.00000002.3602695168.00000000003BF000.00000002.00000001.01000000.0000000C.sdmp, wN0oVYUN02oHqTQE.exe, 0000000B.00000000.1651536628.00000000003BF000.00000002.00000001.01000000.0000000C.sdmp

                Data Obfuscation

                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, R7mgP2TOGFwpRWcUbb.cs.Net Code: JmibWKabLt System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_00402205 push edx; iretd 1_2_00402216
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_00402217 push esi; iretd 1_2_00402218
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_004182C3 push esi; iretd 1_2_00418352
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_00401AC3 push esi; retf 1_2_00401AD6
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_00418334 push esi; iretd 1_2_00418352
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_00404BE6 push eax; ret 1_2_00404BE7
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_004033A0 push eax; ret 1_2_004033A2
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_0199225F pushad ; ret 1_2_019927F9
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019927FA pushad ; ret 1_2_019927F9
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C09AD push ecx; mov dword ptr [esp], ecx1_2_019C09B6
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_0199283D push eax; iretd 1_2_01992858
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01991200 push eax; iretd 1_2_01991369
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_044C27FA pushad ; ret 10_2_044C27F9
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_044C225F pushad ; ret 10_2_044C27F9
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_044C283D push eax; iretd 10_2_044C2858
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_044F09AD push ecx; mov dword ptr [esp], ecx10_2_044F09B6
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004CA2F3 push 1E55D481h; retf 10_2_004CA321
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004CC33A push 4577BC2Fh; ret 10_2_004CC36E
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004CC536 push ecx; retf 10_2_004CC537
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004C287E pushfd ; ret 10_2_004C28A0
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004C4F20 push esi; iretd 10_2_004C4FAF
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004C4F91 push esi; iretd 10_2_004C4FAF
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004B1843 push eax; ret 10_2_004B1844
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004CBDAA push es; ret 10_2_004CBDC2
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004CBE38 push 7D3C0A07h; iretd 10_2_004CBE3D
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_004CDE30 pushad ; iretd 10_2_004CDE43
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_043E7448 push eax; iretd 10_2_043E749E
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_043EC4C5 pushfd ; retf 10_2_043EC4C6
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_043E5179 push ss; iretd 10_2_043E517A
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_043E522D push eax; iretd 10_2_043E522E
                Source: C:\Windows\SysWOW64\dxdiag.exeCode function: 10_2_043EC26C push eax; ret 10_2_043EC26D
                Source: UB BO 14-3-2025.exeStatic PE information: section name: .text entropy: 7.780188744235169
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, oTyD3P5bbwpbYC5NMQN.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'tDKqvYMsIr', 'JIOqVIBMIl', 'g7Rq9tVDpo', 'yKuqq0FPvB', 'tn5q1DF8yU', 'Y8lqMkJ3Y1', 'KLsqgKAfav'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, cH6JSIr1qB5yoIyj5U.csHigh entropy of concatenated method names: 'is9vDM0nRh', 'L1Ivi52d5C', 'G5Svdg3R0W', 'bpPvmXJPUE', 'iiLvnGK04q', 'YHavyuSHsj', 'kMSvBtPTjO', 'm6Lvuh8E1n', 'zH1vL7emaW', 'RZnvt60LNU'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, zfJUkMb6UZBqs70iVK.csHigh entropy of concatenated method names: 'NJJ5Zlf96B', 'dlJ5T29es7', 'm9S5xUstFs', 'c9o58uEZtQ', 'WTu5PxD5Nt', 'RRp5hYyacw', 'BriwdAraMcedHQypYn', 'ffF8swMNjqsC9ggusf', 'nUs55VPPuA', 'Ndx5U5wnTR'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, Y8bvmW2DOLbD9LtQn1.csHigh entropy of concatenated method names: 'ToString', 'c6PhS5bUAu', 'kZ8hiBscMb', 'LSvhd6Wo5o', 'kOWhm8bc8H', 'iklhnCvXgm', 'BgfhyuIpRN', 'cVMhBPR6sD', 'e1lhu9jpV9', 'FwHhLY8L4N'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, fZtQMqw39xHuW3TuxD.csHigh entropy of concatenated method names: 'qj8OFDEDQI', 'u2DOJoAfOj', 'p6LQdZ88eH', 'gyyQmUrY32', 'itFQnALlbB', 'aouQy7Ltdd', 'pLfQBl4Phu', 'AhYQuV67An', 'mJ5QLrdhsx', 'x3GQt5fWGA'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, aNtkRpDYyacwvcy5pa.csHigh entropy of concatenated method names: 'VldANNgI6P', 'OUwAcYFLr7', 'dhbAOO6XIC', 'f6EAZUHBkB', 'UK6ATyudXJ', 'cmOORd2l5N', 'nmJOGrk5H4', 'tx2O3vARdW', 'AxkOeieHn8', 'u28OrYC4ks'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, R7mgP2TOGFwpRWcUbb.csHigh entropy of concatenated method names: 'I5gUNi6Umd', 'TF1UErMRsf', 'FF4UcX8VvD', 'OAMUQfS8uh', 'S4JUOrnPCC', 'sfWUAne4AA', 'HW4UZ3nAtq', 'RMHUTBxjoi', 'NMNU6lDPSf', 'a2dUxQPC6F'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, uwc7lmGZQkMi3Uth0y.csHigh entropy of concatenated method names: 'AZkoeqPeuF', 'vmxolZlhkh', 'WygHaPAQVh', 'boCH5gCpel', 'm80oSrxgmG', 'd1DoCdioD9', 'gSVoKIHrWm', 'QBrofR0JNt', 'FyeokJwiw5', 'N9Eo2sIXGD'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, najXxNK18EFGRM2YGE.csHigh entropy of concatenated method names: 'gPq7YTjCee', 'PwB7jU3Ucu', 'FgY7DCVmbU', 'Vls7ix8epF', 'bKL7mKUGsV', 'g1y7n5EoDo', 'pjL7Bf4TG4', 'NjG7uPbp07', 'dtw7tAEJUC', 'M1t7SMog0M'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, O5jWHy55rsTBNLIq2wh.csHigh entropy of concatenated method names: 'He3VlocHnT', 'EkAVzAeEhO', 'uVj9aAGbnc', 'p8o95mwcTd', 'IaS9pXtAMD', 'Pbn9U2YbUj', 'VnC9b2Dp1U', 'eSW9NtYkoX', 'af79EBlKW3', 'vbk9caDTEd'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, HfvtTpzkFkvPsAYMoC.csHigh entropy of concatenated method names: 'S8fVsjMCBp', 'rcDVY0bjdW', 'XrOVjPUnRZ', 'f5xVD7tNoi', 'eGRVi4SE3N', 'sLqVmu8nBV', 'olXVnf0vHe', 'nu2Vg94emS', 'fiZVIWUeMS', 'AsUV4tVPIH'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, wkZdDcpI6R9EgmxD8I.csHigh entropy of concatenated method names: 'Qv7W7p4Fc', 'a650o3xMf', 'qiXsDbcbk', 'r5hJHmiKR', 'eDSjVKpiv', 'DYVwTEQAl', 'Ha6jo4bsqrFjB3DiSi', 'Desq8e2PYNReH7yM2i', 'fSeHByASe', 'hH9VymKUB'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, medTD8j9SUstFsU9ou.csHigh entropy of concatenated method names: 'oibQ0aPEKo', 'AcUQsC2Shq', 'MoIQYwMCdW', 'Y64QjdvoBD', 'l5PQPdFgwe', 'pA7QhkqJ1x', 'KEbQoZnVk2', 'waVQHMTiTt', 'TpgQvhSRqm', 'WUAQVaxkEI'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, q1Tfyq3Do2CYZyktqv.csHigh entropy of concatenated method names: 'wE1vPTX6Tx', 'iCWvoCRhv0', 'FTwvvWEuim', 'NQBv9CsNrv', 'e8vv1oiUJT', 'mWivgWfxOy', 'Dispose', 'QrXHE5TMb5', 'Jl8HcxVXP1', 'VePHQSmTu2'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, vS5aq7LpQy8nJ4qX8u.csHigh entropy of concatenated method names: 'NVLZIlLex9', 'alMZ4Qb9l7', 'tfNZW6Ua6U', 'j2HZ0rfc5G', 'cEAZFlPWRv', 'ck2ZsBjVU5', 'aWZZJSOw3n', 'WwRZY0Zj0E', 'KuqZjde48u', 'vNJZwLG6mI'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, Vnh2pDBtBZIYrRuwo3.csHigh entropy of concatenated method names: 'XawZERkRQ2', 'kuTZQgWOtL', 'THRZArmYL7', 'NAKAlqeSlX', 'DNlAzHKcbx', 'CFAZaeKAxE', 'SXeZ5wxgFE', 'KJOZpP1Vhw', 'O1SZUg19bo', 'hStZbICFrV'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, UNt92ScBr2OWh8u6bw.csHigh entropy of concatenated method names: 'Dispose', 'TCY5rZyktq', 'n2cpi9QEBm', 'NC12LpkZyZ', 'rUQ5lprt1Z', 'Dr55zgmkho', 'ProcessDialogKey', 'yJUpaH6JSI', 'uqBp55yoIy', 'E5Upp4ISAp'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, Xs8ElwQrRQxiU2rsaI.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'QWyprQdHry', 'ibMplfgCy7', 'A1ppz6WLFi', 'T5JUaFbFxE', 'QHZU5Qpl8c', 'xgqUp1ma9o', 'SHkUUsysld', 'xq8ACAp6Oj1tfBvwQbc'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, amvEFymPW7FKwVGI3b.csHigh entropy of concatenated method names: 'oYtAgwCRqL', 'GmPAIbUgXv', 'NpZAWMNdUm', 'xEkA0nvkEq', 'DA7AsJo9ln', 'dYeAJYd8rK', 'u7xAjUWJXx', 'PyTAwY9na2', 'S78VWi4VRVW6l3hGMFP', 'zvChTs48DP6CNt4mi4L'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, yISAp6lVY3uvnd8Mba.csHigh entropy of concatenated method names: 'FsyVQ8TtiG', 'V0RVOPKebB', 'DfcVASojwn', 'gYTVZjkDcV', 'UrIVvFbvfM', 'eJnVTd6VT4', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.UB BO 14-3-2025.exe.8a70000.5.raw.unpack, Clf96BYUlJ29es7rBQ.csHigh entropy of concatenated method names: 'lOycfIsmMP', 'QGZck2UMeH', 'TS9c2LQ2QG', 'eWbcXuAaL1', 'w34cRtJesX', 'KxPcGs8svS', 'J6Rc3hMDxn', 'L8bceeoJ5E', 'EdZcr5e7hI', 'YuBclj1pve'
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\dxdiag.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: UB BO 14-3-2025.exe PID: 7736, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\dxdiag.exe API/Special instruction interceptor: Address: 7FFCC372D324
                Source: C:\Windows\SysWOW64\dxdiag.exe API/Special instruction interceptor: Address: 7FFCC372D7E4
                Source: C:\Windows\SysWOW64\dxdiag.exe API/Special instruction interceptor: Address: 7FFCC372D944
                Source: C:\Windows\SysWOW64\dxdiag.exe API/Special instruction interceptor: Address: 7FFCC372D504
                Source: C:\Windows\SysWOW64\dxdiag.exe API/Special instruction interceptor: Address: 7FFCC372D544
                Source: C:\Windows\SysWOW64\dxdiag.exe API/Special instruction interceptor: Address: 7FFCC372D1E4
                Source: C:\Windows\SysWOW64\dxdiag.exe API/Special instruction interceptor: Address: 7FFCC3730154
                Source: C:\Windows\SysWOW64\dxdiag.exe API/Special instruction interceptor: Address: 7FFCC372DA44
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Memory allocated: 17E0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Memory allocated: 3370000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Memory allocated: 5370000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Memory allocated: 8C60000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Memory allocated: 9C60000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Memory allocated: 9E40000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Memory allocated: AE40000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Code function: 1_2_01A0096E rdtsc 1_2_01A0096E
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\dxdiag.exe Window / User API: threadDelayed 9821
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\dxdiag.exe API coverage: 2.6 %
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe TID: 7740 Thread sleep time: -30000s >= -30000s
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe TID: 7756 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\dxdiag.exe TID: 7780 Thread sleep count: 152 > 30
                Source: C:\Windows\SysWOW64\dxdiag.exe TID: 7780 Thread sleep time: -304000s >= -30000s
                Source: C:\Windows\SysWOW64\dxdiag.exe TID: 7780 Thread sleep count: 9821 > 30
                Source: C:\Windows\SysWOW64\dxdiag.exe TID: 7780 Thread sleep time: -19642000s >= -30000s
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe TID: 5344 Thread sleep time: -75000s >= -30000s
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe TID: 5344 Thread sleep count: 33 > 30
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe TID: 5344 Thread sleep time: -49500s >= -30000s
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe TID: 5344 Thread sleep count: 39 > 30
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe TID: 5344 Thread sleep time: -39000s >= -30000s
                Source: C:\Windows\SysWOW64\dxdiag.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\dxdiag.exe Code function: 10_2_004CC9E0 FindFirstFileW,FindNextFileW,FindClose,10_2_004CC9E0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Thread delayed: delay time: 30000
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Thread delayed: delay time: 922337203685477
                Source: dxdiag.exe, 0000000A.00000002.3603377189.00000000028CC000.00000004.00000020.00020000.00000000.sdmp, wN0oVYUN02oHqTQE.exe, 0000000B.00000002.3603806050.0000000000B19000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.1878473735.000002344836C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\dxdiag.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Code function: 1_2_01A0096E rdtsc 1_2_01A0096E
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Code function: 1_2_00417CF3 LdrLoadDll,1_2_00417CF3
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Code function: 1_2_019BA197 mov eax, dword ptr fs:[00000030h] 1_2_019BA197
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A70274 mov eax, dword ptr fs:[00000030h]1_2_01A70274
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A70274 mov eax, dword ptr fs:[00000030h]1_2_01A70274
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A48243 mov eax, dword ptr fs:[00000030h]1_2_01A48243
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A48243 mov ecx, dword ptr fs:[00000030h]1_2_01A48243
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019B826B mov eax, dword ptr fs:[00000030h]1_2_019B826B
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A9625D mov eax, dword ptr fs:[00000030h]1_2_01A9625D
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A7A250 mov eax, dword ptr fs:[00000030h]1_2_01A7A250
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A7A250 mov eax, dword ptr fs:[00000030h]1_2_01A7A250
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C4260 mov eax, dword ptr fs:[00000030h]1_2_019C4260
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C4260 mov eax, dword ptr fs:[00000030h]1_2_019C4260
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C4260 mov eax, dword ptr fs:[00000030h]1_2_019C4260
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FE59C mov eax, dword ptr fs:[00000030h]1_2_019FE59C
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A405A7 mov eax, dword ptr fs:[00000030h]1_2_01A405A7
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A405A7 mov eax, dword ptr fs:[00000030h]1_2_01A405A7
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A405A7 mov eax, dword ptr fs:[00000030h]1_2_01A405A7
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F4588 mov eax, dword ptr fs:[00000030h]1_2_019F4588
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C2582 mov eax, dword ptr fs:[00000030h]1_2_019C2582
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C2582 mov ecx, dword ptr fs:[00000030h]1_2_019C2582
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019E45B1 mov eax, dword ptr fs:[00000030h]1_2_019E45B1
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019E45B1 mov eax, dword ptr fs:[00000030h]1_2_019E45B1
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C65D0 mov eax, dword ptr fs:[00000030h]1_2_019C65D0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FA5D0 mov eax, dword ptr fs:[00000030h]1_2_019FA5D0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FA5D0 mov eax, dword ptr fs:[00000030h]1_2_019FA5D0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FE5CF mov eax, dword ptr fs:[00000030h]1_2_019FE5CF
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FE5CF mov eax, dword ptr fs:[00000030h]1_2_019FE5CF
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FC5ED mov eax, dword ptr fs:[00000030h]1_2_019FC5ED
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FC5ED mov eax, dword ptr fs:[00000030h]1_2_019FC5ED
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EE5E7 mov eax, dword ptr fs:[00000030h]1_2_019EE5E7
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EE5E7 mov eax, dword ptr fs:[00000030h]1_2_019EE5E7
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EE5E7 mov eax, dword ptr fs:[00000030h]1_2_019EE5E7
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EE5E7 mov eax, dword ptr fs:[00000030h]1_2_019EE5E7
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EE5E7 mov eax, dword ptr fs:[00000030h]1_2_019EE5E7
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EE5E7 mov eax, dword ptr fs:[00000030h]1_2_019EE5E7
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EE5E7 mov eax, dword ptr fs:[00000030h]1_2_019EE5E7
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EE5E7 mov eax, dword ptr fs:[00000030h]1_2_019EE5E7
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C25E0 mov eax, dword ptr fs:[00000030h]1_2_019C25E0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EE53E mov eax, dword ptr fs:[00000030h]1_2_019EE53E
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EE53E mov eax, dword ptr fs:[00000030h]1_2_019EE53E
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EE53E mov eax, dword ptr fs:[00000030h]1_2_019EE53E
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EE53E mov eax, dword ptr fs:[00000030h]1_2_019EE53E
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EE53E mov eax, dword ptr fs:[00000030h]1_2_019EE53E
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A56500 mov eax, dword ptr fs:[00000030h]1_2_01A56500
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0535 mov eax, dword ptr fs:[00000030h]1_2_019D0535
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0535 mov eax, dword ptr fs:[00000030h]1_2_019D0535
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0535 mov eax, dword ptr fs:[00000030h]1_2_019D0535
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0535 mov eax, dword ptr fs:[00000030h]1_2_019D0535
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0535 mov eax, dword ptr fs:[00000030h]1_2_019D0535
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0535 mov eax, dword ptr fs:[00000030h]1_2_019D0535
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A94500 mov eax, dword ptr fs:[00000030h]1_2_01A94500
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A94500 mov eax, dword ptr fs:[00000030h]1_2_01A94500
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A94500 mov eax, dword ptr fs:[00000030h]1_2_01A94500
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A94500 mov eax, dword ptr fs:[00000030h]1_2_01A94500
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A94500 mov eax, dword ptr fs:[00000030h]1_2_01A94500
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A94500 mov eax, dword ptr fs:[00000030h]1_2_01A94500
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A94500 mov eax, dword ptr fs:[00000030h]1_2_01A94500
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C8550 mov eax, dword ptr fs:[00000030h]1_2_019C8550
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C8550 mov eax, dword ptr fs:[00000030h]1_2_019C8550
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F656A mov eax, dword ptr fs:[00000030h]1_2_019F656A
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F656A mov eax, dword ptr fs:[00000030h]1_2_019F656A
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F656A mov eax, dword ptr fs:[00000030h]1_2_019F656A
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A4A4B0 mov eax, dword ptr fs:[00000030h]1_2_01A4A4B0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F44B0 mov ecx, dword ptr fs:[00000030h]1_2_019F44B0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C64AB mov eax, dword ptr fs:[00000030h]1_2_019C64AB
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A7A49A mov eax, dword ptr fs:[00000030h]1_2_01A7A49A
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C04E5 mov ecx, dword ptr fs:[00000030h]1_2_019C04E5
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A46420 mov eax, dword ptr fs:[00000030h]1_2_01A46420
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A46420 mov eax, dword ptr fs:[00000030h]1_2_01A46420
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A46420 mov eax, dword ptr fs:[00000030h]1_2_01A46420
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A46420 mov eax, dword ptr fs:[00000030h]1_2_01A46420
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A46420 mov eax, dword ptr fs:[00000030h]1_2_01A46420
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A46420 mov eax, dword ptr fs:[00000030h]1_2_01A46420
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A46420 mov eax, dword ptr fs:[00000030h]1_2_01A46420
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F8402 mov eax, dword ptr fs:[00000030h]1_2_019F8402
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F8402 mov eax, dword ptr fs:[00000030h]1_2_019F8402
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F8402 mov eax, dword ptr fs:[00000030h]1_2_019F8402
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FA430 mov eax, dword ptr fs:[00000030h]1_2_019FA430
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019BE420 mov eax, dword ptr fs:[00000030h]1_2_019BE420
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019BE420 mov eax, dword ptr fs:[00000030h]1_2_019BE420
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019BE420 mov eax, dword ptr fs:[00000030h]1_2_019BE420
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019BC427 mov eax, dword ptr fs:[00000030h]1_2_019BC427
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019E245A mov eax, dword ptr fs:[00000030h]1_2_019E245A
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A4C460 mov ecx, dword ptr fs:[00000030h]1_2_01A4C460
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019B645D mov eax, dword ptr fs:[00000030h]1_2_019B645D
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FE443 mov eax, dword ptr fs:[00000030h]1_2_019FE443
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FE443 mov eax, dword ptr fs:[00000030h]1_2_019FE443
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FE443 mov eax, dword ptr fs:[00000030h]1_2_019FE443
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FE443 mov eax, dword ptr fs:[00000030h]1_2_019FE443
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FE443 mov eax, dword ptr fs:[00000030h]1_2_019FE443
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FE443 mov eax, dword ptr fs:[00000030h]1_2_019FE443
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FE443 mov eax, dword ptr fs:[00000030h]1_2_019FE443
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FE443 mov eax, dword ptr fs:[00000030h]1_2_019FE443
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EA470 mov eax, dword ptr fs:[00000030h]1_2_019EA470
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EA470 mov eax, dword ptr fs:[00000030h]1_2_019EA470
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019EA470 mov eax, dword ptr fs:[00000030h]1_2_019EA470
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A7A456 mov eax, dword ptr fs:[00000030h]1_2_01A7A456
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A747A0 mov eax, dword ptr fs:[00000030h]1_2_01A747A0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A6678E mov eax, dword ptr fs:[00000030h]1_2_01A6678E
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C07AF mov eax, dword ptr fs:[00000030h]1_2_019C07AF
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A4E7E1 mov eax, dword ptr fs:[00000030h]1_2_01A4E7E1
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019CC7C0 mov eax, dword ptr fs:[00000030h]1_2_019CC7C0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C47FB mov eax, dword ptr fs:[00000030h]1_2_019C47FB
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C47FB mov eax, dword ptr fs:[00000030h]1_2_019C47FB
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A407C3 mov eax, dword ptr fs:[00000030h]1_2_01A407C3
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019E27ED mov eax, dword ptr fs:[00000030h]1_2_019E27ED
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019E27ED mov eax, dword ptr fs:[00000030h]1_2_019E27ED
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019E27ED mov eax, dword ptr fs:[00000030h]1_2_019E27ED
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C0710 mov eax, dword ptr fs:[00000030h]1_2_019C0710
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F0710 mov eax, dword ptr fs:[00000030h]1_2_019F0710
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A3C730 mov eax, dword ptr fs:[00000030h]1_2_01A3C730
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FC700 mov eax, dword ptr fs:[00000030h]1_2_019FC700
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F273C mov eax, dword ptr fs:[00000030h]1_2_019F273C
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F273C mov ecx, dword ptr fs:[00000030h]1_2_019F273C
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F273C mov eax, dword ptr fs:[00000030h]1_2_019F273C
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FC720 mov eax, dword ptr fs:[00000030h]1_2_019FC720
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FC720 mov eax, dword ptr fs:[00000030h]1_2_019FC720
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C0750 mov eax, dword ptr fs:[00000030h]1_2_019C0750
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F674D mov esi, dword ptr fs:[00000030h]1_2_019F674D
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F674D mov eax, dword ptr fs:[00000030h]1_2_019F674D
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F674D mov eax, dword ptr fs:[00000030h]1_2_019F674D
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C8770 mov eax, dword ptr fs:[00000030h]1_2_019C8770
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0770 mov eax, dword ptr fs:[00000030h]1_2_019D0770
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0770 mov eax, dword ptr fs:[00000030h]1_2_019D0770
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0770 mov eax, dword ptr fs:[00000030h]1_2_019D0770
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0770 mov eax, dword ptr fs:[00000030h]1_2_019D0770
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0770 mov eax, dword ptr fs:[00000030h]1_2_019D0770
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0770 mov eax, dword ptr fs:[00000030h]1_2_019D0770
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0770 mov eax, dword ptr fs:[00000030h]1_2_019D0770
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0770 mov eax, dword ptr fs:[00000030h]1_2_019D0770
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0770 mov eax, dword ptr fs:[00000030h]1_2_019D0770
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0770 mov eax, dword ptr fs:[00000030h]1_2_019D0770
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0770 mov eax, dword ptr fs:[00000030h]1_2_019D0770
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D0770 mov eax, dword ptr fs:[00000030h]1_2_019D0770
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02750 mov eax, dword ptr fs:[00000030h]1_2_01A02750
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02750 mov eax, dword ptr fs:[00000030h]1_2_01A02750
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A44755 mov eax, dword ptr fs:[00000030h]1_2_01A44755
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A4E75D mov eax, dword ptr fs:[00000030h]1_2_01A4E75D
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C4690 mov eax, dword ptr fs:[00000030h]1_2_019C4690
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C4690 mov eax, dword ptr fs:[00000030h]1_2_019C4690
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F66B0 mov eax, dword ptr fs:[00000030h]1_2_019F66B0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FC6A6 mov eax, dword ptr fs:[00000030h]1_2_019FC6A6
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A3E6F2 mov eax, dword ptr fs:[00000030h]1_2_01A3E6F2
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A3E6F2 mov eax, dword ptr fs:[00000030h]1_2_01A3E6F2
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A3E6F2 mov eax, dword ptr fs:[00000030h]1_2_01A3E6F2
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A3E6F2 mov eax, dword ptr fs:[00000030h]1_2_01A3E6F2
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A406F1 mov eax, dword ptr fs:[00000030h]1_2_01A406F1
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A406F1 mov eax, dword ptr fs:[00000030h]1_2_01A406F1
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FA6C7 mov ebx, dword ptr fs:[00000030h]1_2_019FA6C7
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FA6C7 mov eax, dword ptr fs:[00000030h]1_2_019FA6C7
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D260B mov eax, dword ptr fs:[00000030h]1_2_019D260B
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D260B mov eax, dword ptr fs:[00000030h]1_2_019D260B
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D260B mov eax, dword ptr fs:[00000030h]1_2_019D260B
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D260B mov eax, dword ptr fs:[00000030h]1_2_019D260B
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D260B mov eax, dword ptr fs:[00000030h]1_2_019D260B
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D260B mov eax, dword ptr fs:[00000030h]1_2_019D260B
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D260B mov eax, dword ptr fs:[00000030h]1_2_019D260B
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A3E609 mov eax, dword ptr fs:[00000030h]1_2_01A3E609
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C262C mov eax, dword ptr fs:[00000030h]1_2_019C262C
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A02619 mov eax, dword ptr fs:[00000030h]1_2_01A02619
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019DE627 mov eax, dword ptr fs:[00000030h]1_2_019DE627
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F6620 mov eax, dword ptr fs:[00000030h]1_2_019F6620
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F8620 mov eax, dword ptr fs:[00000030h]1_2_019F8620
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A8866E mov eax, dword ptr fs:[00000030h]1_2_01A8866E
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A8866E mov eax, dword ptr fs:[00000030h]1_2_01A8866E
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019DC640 mov eax, dword ptr fs:[00000030h]1_2_019DC640
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F2674 mov eax, dword ptr fs:[00000030h]1_2_019F2674
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FA660 mov eax, dword ptr fs:[00000030h]1_2_019FA660
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019FA660 mov eax, dword ptr fs:[00000030h]1_2_019FA660
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A489B3 mov esi, dword ptr fs:[00000030h]1_2_01A489B3
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A489B3 mov eax, dword ptr fs:[00000030h]1_2_01A489B3
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A489B3 mov eax, dword ptr fs:[00000030h]1_2_01A489B3
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C09AD mov eax, dword ptr fs:[00000030h]1_2_019C09AD
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019C09AD mov eax, dword ptr fs:[00000030h]1_2_019C09AD
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D29A0 mov eax, dword ptr fs:[00000030h]1_2_019D29A0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D29A0 mov eax, dword ptr fs:[00000030h]1_2_019D29A0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D29A0 mov eax, dword ptr fs:[00000030h]1_2_019D29A0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D29A0 mov eax, dword ptr fs:[00000030h]1_2_019D29A0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D29A0 mov eax, dword ptr fs:[00000030h]1_2_019D29A0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D29A0 mov eax, dword ptr fs:[00000030h]1_2_019D29A0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D29A0 mov eax, dword ptr fs:[00000030h]1_2_019D29A0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D29A0 mov eax, dword ptr fs:[00000030h]1_2_019D29A0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D29A0 mov eax, dword ptr fs:[00000030h]1_2_019D29A0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D29A0 mov eax, dword ptr fs:[00000030h]1_2_019D29A0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D29A0 mov eax, dword ptr fs:[00000030h]1_2_019D29A0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D29A0 mov eax, dword ptr fs:[00000030h]1_2_019D29A0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019D29A0 mov eax, dword ptr fs:[00000030h]1_2_019D29A0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A4E9E0 mov eax, dword ptr fs:[00000030h]1_2_01A4E9E0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019CA9D0 mov eax, dword ptr fs:[00000030h]1_2_019CA9D0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019CA9D0 mov eax, dword ptr fs:[00000030h]1_2_019CA9D0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019CA9D0 mov eax, dword ptr fs:[00000030h]1_2_019CA9D0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019CA9D0 mov eax, dword ptr fs:[00000030h]1_2_019CA9D0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019CA9D0 mov eax, dword ptr fs:[00000030h]1_2_019CA9D0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019CA9D0 mov eax, dword ptr fs:[00000030h]1_2_019CA9D0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F49D0 mov eax, dword ptr fs:[00000030h]1_2_019F49D0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A569C0 mov eax, dword ptr fs:[00000030h]1_2_01A569C0
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F29F9 mov eax, dword ptr fs:[00000030h]1_2_019F29F9
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019F29F9 mov eax, dword ptr fs:[00000030h]1_2_019F29F9
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A8A9D3 mov eax, dword ptr fs:[00000030h]1_2_01A8A9D3
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019B8918 mov eax, dword ptr fs:[00000030h]1_2_019B8918
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_019B8918 mov eax, dword ptr fs:[00000030h]1_2_019B8918
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A4892A mov eax, dword ptr fs:[00000030h]1_2_01A4892A
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeCode function: 1_2_01A5892B mov eax, dword ptr fs:[00000030h]1_2_01A5892B
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtCreateFile: Direct from: 0x77752FEC
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtOpenFile: Direct from: 0x77752DCC
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtSetInformationThread: Direct from: 0x777463F9
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtQueryInformationToken: Direct from: 0x77752CAC
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtTerminateThread: Direct from: 0x77752FCC
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtProtectVirtualMemory: Direct from: 0x77752F9C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtSetInformationProcess: Direct from: 0x77752C5C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtNotifyChangeKey: Direct from: 0x77753C2C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtOpenKeyEx: Direct from: 0x77752B9C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtOpenSection: Direct from: 0x77752E0C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtProtectVirtualMemory: Direct from: 0x77747B2E
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtAllocateVirtualMemory: Direct from: 0x777548EC
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtQueryVolumeInformationFile: Direct from: 0x77752F2C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtQuerySystemInformation: Direct from: 0x777548CC
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtAllocateVirtualMemory: Direct from: 0x77752BEC
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtDeviceIoControlFile: Direct from: 0x77752AEC
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtCreateUserProcess: Direct from: 0x7775371C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtWriteVirtualMemory: Direct from: 0x7775490C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtQueryInformationProcess: Direct from: 0x77752C26
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtResumeThread: Direct from: 0x77752FBC
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtReadVirtualMemory: Direct from: 0x77752E8C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtCreateKey: Direct from: 0x77752C6C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtSetInformationThread: Direct from: 0x77752B4C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtQueryAttributesFile: Direct from: 0x77752E6C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtAllocateVirtualMemory: Direct from: 0x77753C9C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtClose: Direct from: 0x77752B6C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtCreateMutant: Direct from: 0x777535CC
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtWriteVirtualMemory: Direct from: 0x77752E3C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtMapViewOfSection: Direct from: 0x77752D1C
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtResumeThread: Direct from: 0x777536AC
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtReadFile: Direct from: 0x77752ADC
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtQuerySystemInformation: Direct from: 0x77752DFC
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtDelayExecution: Direct from: 0x77752DDC
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe NtAllocateVirtualMemory: Direct from: 0x77752BFC
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Section loaded: NULL target: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Section loaded: NULL target: C:\Windows\SysWOW64\dxdiag.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: NULL target: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe protection: read write
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: NULL target: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\dxdiag.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\dxdiag.exe Thread register set: target process: 7840
                Source: C:\Windows\SysWOW64\dxdiag.exe Thread APC queued: target process: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Process created: C:\Users\user\Desktop\UB BO 14-3-2025.exe "C:\Users\user\Desktop\UB BO 14-3-2025.exe"
                Source: C:\Program Files (x86)\etfyGrlqZBKDxAyQzUTdImHdtXYLVJFVJtUuBDaEgyDCsjkeblvlBTXtpEuS\wN0oVYUN02oHqTQE.exe Process created: C:\Windows\SysWOW64\dxdiag.exe "C:\Windows\SysWOW64\dxdiag.exe"
                Source: C:\Windows\SysWOW64\dxdiag.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: wN0oVYUN02oHqTQE.exe, 00000009.00000000.1503030651.00000000019F0000.00000002.00000001.00040000.00000000.sdmp, wN0oVYUN02oHqTQE.exe, 00000009.00000002.3603875691.00000000019F0000.00000002.00000001.00040000.00000000.sdmp, wN0oVYUN02oHqTQE.exe, 0000000B.00000000.1651836747.0000000001080000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: XProgram Manager
                Source: wN0oVYUN02oHqTQE.exe, 00000009.00000000.1503030651.00000000019F0000.00000002.00000001.00040000.00000000.sdmp, wN0oVYUN02oHqTQE.exe, 00000009.00000002.3603875691.00000000019F0000.00000002.00000001.00040000.00000000.sdmp, wN0oVYUN02oHqTQE.exe, 0000000B.00000000.1651836747.0000000001080000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: wN0oVYUN02oHqTQE.exe, 00000009.00000000.1503030651.00000000019F0000.00000002.00000001.00040000.00000000.sdmp, wN0oVYUN02oHqTQE.exe, 00000009.00000002.3603875691.00000000019F0000.00000002.00000001.00040000.00000000.sdmp, wN0oVYUN02oHqTQE.exe, 0000000B.00000000.1651836747.0000000001080000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: wN0oVYUN02oHqTQE.exe, 00000009.00000000.1503030651.00000000019F0000.00000002.00000001.00040000.00000000.sdmp, wN0oVYUN02oHqTQE.exe, 00000009.00000002.3603875691.00000000019F0000.00000002.00000001.00040000.00000000.sdmp, wN0oVYUN02oHqTQE.exe, 0000000B.00000000.1651836747.0000000001080000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Queries volume information: C:\Users\user\Desktop\UB BO 14-3-2025.exe VolumeInformation
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll VolumeInformation
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\UB BO 14-3-2025.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match; File source: 1.2.UB BO 14-3-2025.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 1.2.UB BO 14-3-2025.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0000000A.00000002.3603275387.0000000002830000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000001.00000002.1655686357.0000000006DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000B.00000002.3605772473.0000000004F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.3603139931.00000000027D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000001.00000002.1579641780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.3602699303.00000000004B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000001.00000002.1581301092.0000000001DA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000009.00000002.3604268423.0000000003160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\dxdiag.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\dxdiag.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\dxdiag.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\dxdiag.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\dxdiag.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\dxdiag.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\dxdiag.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\dxdiag.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\dxdiag.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match; File source: 1.2.UB BO 14-3-2025.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 1.2.UB BO 14-3-2025.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0000000A.00000002.3603275387.0000000002830000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000001.00000002.1655686357.0000000006DD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000B.00000002.3605772473.0000000004F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.3603139931.00000000027D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000001.00000002.1579641780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.3602699303.00000000004B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000001.00000002.1581301092.0000000001DA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000009.00000002.3604268423.0000000003160000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
                | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
                | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

                [Behavior graph. ID: 1638841; Sample: UB BO 14-3-2025.exe; Startdate: 14/03/2025; Architecture: WINDOWS; Score: 100. Process chain: UB BO 14-3-2025.exe (started) -> UB BO 14-3-2025.exe (started) -> wN0oVYUN02oHqTQE.exe (injected) -> dxdiag.exe (started) -> wN0oVYUN02oHqTQE.exe (injected) and firefox.exe (started). Dropped file: C:\Users\user\...\UB BO 14-3-2025.exe.log, ASCII. DNS/IP nodes: www.tether1.xyz, www.bawiin.xyz, 15 other IPs or domains; www.10134.app 107.148.6.145 (PEGTECHINCUS, United States), www.thriay.website 209.74.77.230 (MULTIBAND-NEWHOPEUS, United States), 5 other IPs or domains.]

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.