Windows Analysis Report
SC.028UCCP.exe

AV Detection

Source: SC.028UCCP.exe	Virustotal: Detection: 50%			Perma Link
Source: SC.028UCCP.exe	ReversingLabs: Detection: 33%

Source: Yara match	File source: 00000008.00000002.7446412536.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.7445956463.0000000004910000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2969631128.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3048431353.0000000034AC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.7444154369.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

Source: 8.2.mstsc.exe.50cf840.4.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 8.2.mstsc.exe.2f43518.1.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 7.2.explorer.exe.13c7f840.0.unpack	Avira: Label: TR/Patched.Ren.Gen

Source: 00000008.00000002.7446412536.0000000004940000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: FormBook {"C2 list": ["www.eliteequinewellness.com/ms12/"], "decoy": ["familywealthsociety.com", "hypnotherapywashington.com", "top-promotion.net", "tovber.xyz", "guiadestudio.com", "alibabas.international", "campsitecredits.com", "18370327105.com", "yvhome.net", "triknblog.net", "limpiezasturisticas.com", "khaivisuals.com", "amyjohnsonrealtor.com", "websponsorzone.net", "cobblestonemineralslp.com", "women-clothing-64680.com", "houtme.com", "404shadydale.com", "laposadaapts.com", "paparazirestaurant.co.uk", "helios.moe", "kx2662.com", "expatsturkiye.com", "levelhsealth.com", "eeccu.info", "princestrustawards.co.uk", "lingdangcj.com", "goverifyvin.com", "innovapay.africa", "dvxlbw.top", "g20.xn--fiq228c5hs", "fdbezd.top", "findcar.uk", "lordsbury.co.uk", "brainmovementinternational.com", "slysz.com", "thinkdev.africa", "garageautosaintthomas.com", "bhspharmas.com", "likemommy.online", "hospitalityhsia.com", "friendsofquarepianos.co.uk", "chejukongjian.com", "drugtestingservices.co.uk", "abimpianti.ch", "lasvegasestimates.com", "expertprestartupbootcamp.co.uk", "centersuico.com", "consolewars.net", "cafemarita.site", "findyellowfreightjobs.com", "economjchq.space", "everwoodpreserving.net", "lists-cellphones.life", "buckleyassociates.co.uk", "littel-italy.com", "hangrytots.com", "ss777.net", "arborfinancialgroup.info", "hookspatqp.space", "finesttravels.africa", "fullhousemarketer.com", "conscienciaretroprogresiva.com", "arialttnr.com"]}

Compliance

Source: SC.028UCCP.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source:	Binary string: mshtml.pdb source: SC.028UCCP.exe, 00000006.00000001.2747874116.0000000000649000.00000020.00000001.01000000.00000007.sdmp
Source:	Binary string: wntdll.pdbUGP source: SC.028UCCP.exe, 00000006.00000003.2881960130.0000000034C75000.00000004.00000020.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3051285400.0000000034F4D000.00000040.00001000.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3051285400.0000000034E20000.00000040.00001000.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000003.2876852464.0000000034ACC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SC.028UCCP.exe, SC.028UCCP.exe, 00000006.00000003.2881960130.0000000034C75000.00000004.00000020.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3051285400.0000000034F4D000.00000040.00001000.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3051285400.0000000034E20000.00000040.00001000.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000003.2876852464.0000000034ACC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mstsc.pdbGCTL source: SC.028UCCP.exe, 00000006.00000002.3049797732.0000000034CB0000.00000040.10000000.00040000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000003.2966799157.000000003517A000.00000004.00000020.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000003.2964883119.0000000034CBF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: SC.028UCCP.exe, 00000006.00000001.2747874116.0000000000649000.00000020.00000001.01000000.00000007.sdmp
Source:	Binary string: mstsc.pdb source: SC.028UCCP.exe, 00000006.00000002.3049797732.0000000034CB0000.00000040.10000000.00040000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000003.2966799157.000000003517A000.00000004.00000020.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000003.2964883119.0000000034CBF000.00000004.00000020.00020000.00000000.sdmp

Spreading

Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 0_2_00405475 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,		0_2_00405475
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 0_2_00405E9C FindFirstFileA,FindClose,		0_2_00405E9C
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 0_2_0040264F FindFirstFileA,		0_2_0040264F

Networking

Source: C:\Windows\explorer.exe	Network Connect: 165.160.15.20 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 206.233.207.174 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 142.250.185.211 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 183.181.96.18 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 192.187.111.221 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 13.248.157.32 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 198.185.159.144 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 217.26.48.101 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 188.114.97.3 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 81.17.29.147 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 34.102.136.180 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 142.250.186.51 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 169.60.232.139 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 104.21.39.114 80			Jump to behavior

Source: Traffic	Snort IDS: 2018752 ET TROJAN Generic .bin download from Dotted Quad 192.168.11.20:49810 -> 195.133.40.46:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49822 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49822 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49822 -> 188.114.97.3:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49823 -> 81.17.29.147:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49823 -> 81.17.29.147:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49823 -> 81.17.29.147:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49827 -> 142.250.186.51:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49827 -> 142.250.186.51:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49827 -> 142.250.186.51:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49830 -> 198.185.159.144:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49830 -> 198.185.159.144:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49830 -> 198.185.159.144:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49835 -> 165.160.15.20:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49835 -> 165.160.15.20:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49835 -> 165.160.15.20:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49840 -> 13.248.157.32:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49840 -> 13.248.157.32:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49840 -> 13.248.157.32:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49842 -> 104.21.39.114:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49842 -> 104.21.39.114:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49842 -> 104.21.39.114:80
Source: Traffic	Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49844 -> 169.60.232.139:80
Source: Traffic	Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49844 -> 169.60.232.139:80
Source: Traffic	Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49844 -> 169.60.232.139:80

Source: Malware configuration extractor

URLs: www.eliteequinewellness.com/ms12/

Source: Joe Sandbox View	ASN Name: CSCUS CSCUS
Source: Joe Sandbox View	ASN Name: SPD-NETTR SPD-NETTR

Source: global traffic	HTTP traffic detected: GET /ms12/?a6A8=p0GhgVm0MHDdp8m&hT=qQKx9PCKTcR0X3fJLav3D/FI6bogqcX+QhlqDFXKzmg3lH7RMn/qXLrYouNPLK8mW2// HTTP/1.1Host: www.paparazirestaurant.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=3vbl2R1UVlik5qBB6wrenITxXeLVrWa6N7N62KRalH+vVSA16yD/agKPQdEyB3rsS7Yj&a6A8=p0GhgVm0MHDdp8m HTTP/1.1Host: www.eliteequinewellness.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?a6A8=p0GhgVm0MHDdp8m&hT=GEgy5f1eXaBWyRpWMBxBbWcEY1MHcvciQ8raEzEPejcDf7w8zE5rQdkYfLeQVLgbPBXb HTTP/1.1Host: www.economjchq.spaceConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=rKVQxN6JSordSXvKLLfEBVUre63ztGesQlGfCtix5zz1Yo/EERiTRw3ZQxg6mz/OTP1R&a6A8=p0GhgVm0MHDdp8m HTTP/1.1Host: www.friendsofquarepianos.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=aVqkBEdIHBWaW/lsOPNfNUdw5ZC180ox2ANf6BVSo52uRq15en0/dTfjz5sq7L16GRwO&a6A8=p0GhgVm0MHDdp8m HTTP/1.1Host: www.arialttnr.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=rnwHnBjC2B91WSvUx5IF3sWIhMPrpsyX3rQSnskEXaZlLwDtCWtuXGHAHocTRNCypERK&a6A8=p0GhgVm0MHDdp8m HTTP/1.1Host: www.garageautosaintthomas.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?a6A8=p0GhgVm0MHDdp8m&hT=i6mctz/lYNz9iKxESYWey4cK6TMKWjJsbrWHZTfqTQLBeE+tWIBGneMXWwL4vjyr8Zpy HTTP/1.1Host: www.hospitalityhsia.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=GAqcOfRaXYyBPpQNc1d4+pcaGBxp+bphJlxAZfzVtb5VN+LprCdBX89oplvsYdaz1A4Y&a6A8=p0GhgVm0MHDdp8m HTTP/1.1Host: www.abimpianti.chConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?a6A8=p0GhgVm0MHDdp8m&hT=dB2SKHnvFm/evHV5UtSyv0UoYXCrydohCzjDkTmDf/VJc0uDcAnYtxnT/Jo2TNbLuMGT HTTP/1.1Host: www.drugtestingservices.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?a6A8=p0GhgVm0MHDdp8m&hT=KsItnxjux7GTZO7TUTKtm8QLzBBO9NcCFMwewp8NtohxkT6a6dLohlItrjGlglAawoap HTTP/1.1Host: www.amyjohnsonrealtor.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=XQDAKTxCfPAtZ1kZf5EiiDFWaFS1BQmSMuwLBzPPFACL8OgktJOl440I6bHrpdhUiEnu&a6A8=p0GhgVm0MHDdp8m HTTP/1.1Host: www.lists-cellphones.lifeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=G6LllRn2UhCgoj9/NoDttLpXGK4pGwfwFGBz2EgLi6yWMZIZhDysno0vSCCcnKmdw4QQ&UlWl0=MBZlMJlh34CHQ HTTP/1.1Host: www.findyellowfreightjobs.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=YOOWDLIFFjmzpH1SAG7YZM+LVKYOCEYmA0eV1woM6pvlajKzKUVwFam52RyaFl1jbOMY&UlWl0=MBZlMJlh34CHQ HTTP/1.1Host: www.conscienciaretroprogresiva.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=lfzlfRYQFuadehd27GXthwlbqohm3e93HBX/EbDE1KV1AljB6VPD+GnlvvGiXqJ/lo6n&UlWl0=MBZlMJlh34CHQ HTTP/1.1Host: www.triknblog.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=GAqcOfRaXYyBPpQNc1d4+pcaGBxp+bphJlxAZfzVtb5VN+LprCdBX89oplvsYdaz1A4Y&UlWl0=MBZlMJlh34CHQ HTTP/1.1Host: www.abimpianti.chConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

Source: Joe Sandbox View

IP Address: 165.160.15.20 165.160.15.20

Source: global traffic

HTTP traffic detected: GET /CsPlxqjFa224.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 195.133.40.46Cache-Control: no-cache

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 08:12:57 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Mon, 20 Mar 2023 08:15:35 GMTContent-Type: text/htmlContent-Length: 291ETag: "64063330-123"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 20 Mar 2023 08:15:56 GMTContent-Type: text/htmlContent-Length: 2843Connection: closeVary: Accept-EncodingLast-Modified: Tue, 20 Apr 2021 00:29:25 GMTETag: "b1b-5c05c89d55ec5"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 6a 61 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 45 55 43 2d 4a 50 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 58 53 45 52 56 45 52 20 49 6e 63 2e 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 49 4e 44 45 58 2c 46 4f 4c 4c 4f 57 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 2a 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 69 6d 67 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 7d 0a 75 6c 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 65 6d 3b 0a 7d 0a 68 74 6d 6c 20 7b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 2d 79 3a 20 73 63 72 6f 6c 6c 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 33 62 37 39 62 37 3b 0a 7d 0a 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 a5 e1 a5 a4 a5 ea a5 aa 22 2c 20 4d 65 69 72 79 6f 2c 20 22 a3 cd a3 d3 20 a3 d0 a5 b4 a5 b7 a5 c3 a5 af 22 2c 20 22 4d 53 20 50 47 6f 74 68 69 63 22 2c 20 22 a5 d2 a5 e9 a5 ae a5 ce b3 d1 a5 b4 20 50 72 6f 20 57 33 22 2c 20 22 48 69 72 61 67 69 6e 6f 20 4b 61 6b 75 20 47 6f 74 68 69 63 20 50 72 6f 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 37 35 25 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 32 30 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 68 32 20 7b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 08:16:17 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.133.40.46

Source: SC.028UCCP.exe, 00000006.00000002.3034808343.0000000004C7B000.00000004.00000020.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3034808343.0000000004C5B000.00000004.00000020.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3034808343.0000000004C7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://195.133.40.46/
Source: SC.028UCCP.exe, 00000006.00000002.3034808343.0000000004C18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://195.133.40.46/CsPlxqjFa224.bin
Source: SC.028UCCP.exe, 00000006.00000002.3034808343.0000000004C18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://195.133.40.46/CsPlxqjFa224.bin0
Source: SC.028UCCP.exe, 00000006.00000002.3034808343.0000000004C83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://195.133.40.46/CsPlxqjFa224.bin3
Source: SC.028UCCP.exe, 00000006.00000002.3034808343.0000000004C18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://195.133.40.46/CsPlxqjFa224.binU
Source: SC.028UCCP.exe, 00000006.00000002.3034808343.0000000004C83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://195.133.40.46/CsPlxqjFa224.bin~
Source: SC.028UCCP.exe, 00000006.00000002.3034808343.0000000004C7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://195.133.40.46/G
Source: SC.028UCCP.exe, 00000006.00000001.2747874116.0000000000649000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
Source: SC.028UCCP.exe, SC.028UCCP.exe, 00000000.00000000.2396678614.0000000000409000.00000008.00000001.01000000.00000003.sdmp, SC.028UCCP.exe, 00000000.00000002.2934571208.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SC.028UCCP.exe, 00000006.00000000.2747209758.0000000000409000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: SC.028UCCP.exe, 00000000.00000000.2396678614.0000000000409000.00000008.00000001.01000000.00000003.sdmp, SC.028UCCP.exe, 00000000.00000002.2934571208.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SC.028UCCP.exe, 00000006.00000000.2747209758.0000000000409000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: explorer.exe, 00000007.00000003.3115928229.000000000D7B8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.4196973708.000000000D7B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%
Source: explorer.exe, 00000007.00000002.7445959237.0000000002C70000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: SC.028UCCP.exe, 00000006.00000001.2747874116.0000000000649000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.gopher.ftp://ftp.
Source: SC.028UCCP.exe, 00000006.00000001.2747874116.0000000000626000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
Source: SC.028UCCP.exe, 00000006.00000001.2747874116.00000000005F2000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: SC.028UCCP.exe, 00000006.00000001.2747874116.00000000005F2000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: explorer.exe, 00000007.00000003.3115928229.000000000D7B8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.4196973708.000000000D7B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000007.00000003.3115928229.000000000D7B8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.4196973708.000000000D7B8000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/j
Source: explorer.exe, 00000007.00000003.3110344796.0000000010C0C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000007.00000000.2898033699.000000000996D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 00000007.00000000.2906971222.000000000D89D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.coma
Source: SC.028UCCP.exe, 00000006.00000001.2747874116.0000000000649000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: explorer.exe, 00000007.00000000.2906971222.000000000D89D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com
Source: explorer.exe, 00000007.00000003.3115928229.000000000D778000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: explorer.exe, 00000007.00000002.7485227128.000000001416F000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.laposadaapts.com/ms12/?hT=vo99NxIlv9atltQAf5

Source: unknown

DNS traffic detected: queries for: 97.97.242.52.in-addr.arpa

Source: global traffic	HTTP traffic detected: GET /CsPlxqjFa224.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 195.133.40.46Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ms12/?a6A8=p0GhgVm0MHDdp8m&hT=qQKx9PCKTcR0X3fJLav3D/FI6bogqcX+QhlqDFXKzmg3lH7RMn/qXLrYouNPLK8mW2// HTTP/1.1Host: www.paparazirestaurant.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=3vbl2R1UVlik5qBB6wrenITxXeLVrWa6N7N62KRalH+vVSA16yD/agKPQdEyB3rsS7Yj&a6A8=p0GhgVm0MHDdp8m HTTP/1.1Host: www.eliteequinewellness.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?a6A8=p0GhgVm0MHDdp8m&hT=GEgy5f1eXaBWyRpWMBxBbWcEY1MHcvciQ8raEzEPejcDf7w8zE5rQdkYfLeQVLgbPBXb HTTP/1.1Host: www.economjchq.spaceConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=rKVQxN6JSordSXvKLLfEBVUre63ztGesQlGfCtix5zz1Yo/EERiTRw3ZQxg6mz/OTP1R&a6A8=p0GhgVm0MHDdp8m HTTP/1.1Host: www.friendsofquarepianos.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=aVqkBEdIHBWaW/lsOPNfNUdw5ZC180ox2ANf6BVSo52uRq15en0/dTfjz5sq7L16GRwO&a6A8=p0GhgVm0MHDdp8m HTTP/1.1Host: www.arialttnr.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=rnwHnBjC2B91WSvUx5IF3sWIhMPrpsyX3rQSnskEXaZlLwDtCWtuXGHAHocTRNCypERK&a6A8=p0GhgVm0MHDdp8m HTTP/1.1Host: www.garageautosaintthomas.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?a6A8=p0GhgVm0MHDdp8m&hT=i6mctz/lYNz9iKxESYWey4cK6TMKWjJsbrWHZTfqTQLBeE+tWIBGneMXWwL4vjyr8Zpy HTTP/1.1Host: www.hospitalityhsia.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=GAqcOfRaXYyBPpQNc1d4+pcaGBxp+bphJlxAZfzVtb5VN+LprCdBX89oplvsYdaz1A4Y&a6A8=p0GhgVm0MHDdp8m HTTP/1.1Host: www.abimpianti.chConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?a6A8=p0GhgVm0MHDdp8m&hT=dB2SKHnvFm/evHV5UtSyv0UoYXCrydohCzjDkTmDf/VJc0uDcAnYtxnT/Jo2TNbLuMGT HTTP/1.1Host: www.drugtestingservices.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?a6A8=p0GhgVm0MHDdp8m&hT=KsItnxjux7GTZO7TUTKtm8QLzBBO9NcCFMwewp8NtohxkT6a6dLohlItrjGlglAawoap HTTP/1.1Host: www.amyjohnsonrealtor.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=XQDAKTxCfPAtZ1kZf5EiiDFWaFS1BQmSMuwLBzPPFACL8OgktJOl440I6bHrpdhUiEnu&a6A8=p0GhgVm0MHDdp8m HTTP/1.1Host: www.lists-cellphones.lifeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=G6LllRn2UhCgoj9/NoDttLpXGK4pGwfwFGBz2EgLi6yWMZIZhDysno0vSCCcnKmdw4QQ&UlWl0=MBZlMJlh34CHQ HTTP/1.1Host: www.findyellowfreightjobs.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=YOOWDLIFFjmzpH1SAG7YZM+LVKYOCEYmA0eV1woM6pvlajKzKUVwFam52RyaFl1jbOMY&UlWl0=MBZlMJlh34CHQ HTTP/1.1Host: www.conscienciaretroprogresiva.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=lfzlfRYQFuadehd27GXthwlbqohm3e93HBX/EbDE1KV1AljB6VPD+GnlvvGiXqJ/lo6n&UlWl0=MBZlMJlh34CHQ HTTP/1.1Host: www.triknblog.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic	HTTP traffic detected: GET /ms12/?hT=GAqcOfRaXYyBPpQNc1d4+pcaGBxp+bphJlxAZfzVtb5VN+LprCdBX89oplvsYdaz1A4Y&UlWl0=MBZlMJlh34CHQ HTTP/1.1Host: www.abimpianti.chConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\Desktop\SC.028UCCP.exe

Code function: 0_2_00404FE3 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_00404FE3

E-Banking Fraud

Source: Yara match	File source: 00000008.00000002.7446412536.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.7445956463.0000000004910000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2969631128.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3048431353.0000000034AC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.7444154369.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Source: 00000008.00000002.7446412536.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000002.7446412536.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000008.00000002.7446412536.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000008.00000002.7445956463.0000000004910000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000002.7445956463.0000000004910000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000008.00000002.7445956463.0000000004910000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000007.00000002.7461101436.000000000AD28000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_772cc62d Author: unknown
Source: 00000006.00000002.2969631128.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000006.00000002.2969631128.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000006.00000002.2969631128.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.3048431353.0000000034AC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000006.00000002.3048431353.0000000034AC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000006.00000002.3048431353.0000000034AC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000008.00000002.7444154369.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000002.7444154369.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000008.00000002.7444154369.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: SC.028UCCP.exe PID: 2704, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: SC.028UCCP.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 00000008.00000002.7446412536.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000008.00000002.7446412536.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000008.00000002.7446412536.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000008.00000002.7445956463.0000000004910000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000008.00000002.7445956463.0000000004910000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000008.00000002.7445956463.0000000004910000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000007.00000002.7461101436.000000000AD28000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_772cc62d os = windows, severity = x86, creation_date = 2022-05-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8343b5d02d74791ba2d5d52d19a759f761de2b5470d935000bc27ea6c0633f5, id = 772cc62d-345c-42d8-97ab-f67e447ddca4, last_modified = 2022-07-18
Source: 00000006.00000002.2969631128.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000006.00000002.2969631128.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000006.00000002.2969631128.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.3048431353.0000000034AC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000006.00000002.3048431353.0000000034AC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000006.00000002.3048431353.0000000034AC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000008.00000002.7444154369.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000008.00000002.7444154369.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000008.00000002.7444154369.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: SC.028UCCP.exe PID: 2704, type: MEMORYSTR	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: C:\Users\user\Desktop\SC.028UCCP.exe

Code function: 0_2_0040310B EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,

0_2_0040310B

Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 0_2_00404822		0_2_00404822
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 0_2_004062C3		0_2_004062C3
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 0_2_00406A9A		0_2_00406A9A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ECD480		6_2_34ECD480
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60445		6_2_34E60445
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F175C6		6_2_34F175C6
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1F5C9		6_2_34F1F5C9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F2A526		6_2_34F2A526
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ED36EC		6_2_34ED36EC
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5C6E0		6_2_34E5C6E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1F6F6		6_2_34F1F6F6
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1A6C0		6_2_34F1A6C0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60680		6_2_34E60680
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E84670		6_2_34E84670
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F0D646		6_2_34F0D646
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFD62C		6_2_34EFD62C
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7C600		6_2_34E7C600
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E62760		6_2_34E62760
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6A760		6_2_34E6A760
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F16757		6_2_34F16757
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F170F1		6_2_34F170F1
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6B0D0		6_2_34E6B0D0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E500A0		6_2_34E500A0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E9508C		6_2_34E9508C
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F0E076		6_2_34F0E076
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7B1E0		6_2_34E7B1E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E651C0		6_2_34E651C0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EA717A		6_2_34EA717A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFD130		6_2_34EFD130
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F2010E		6_2_34F2010E
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4D2EC		6_2_34E4D2EC
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E22245		6_2_34E22245
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1124C		6_2_34F1124C
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E51380		6_2_34E51380
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1F330		6_2_34F1F330
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6E310		6_2_34E6E310
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7FCE0		6_2_34E7FCE0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F2ACEB		6_2_34F2ACEB
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E78CDF		6_2_34E78CDF
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EF9C98		6_2_34EF9C98
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E63C60		6_2_34E63C60
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1EC60		6_2_34F1EC60
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F16C69		6_2_34F16C69
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F0EC4C		6_2_34F0EC4C
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6AC20		6_2_34E6AC20
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E50C12		6_2_34E50C12
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFFDF4		6_2_34EFFDF4
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E69DD0		6_2_34E69DD0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E72DB0		6_2_34E72DB0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60D69		6_2_34E60D69
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F17D4C		6_2_34F17D4C
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1FD27		6_2_34F1FD27
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5AD00		6_2_34E5AD00
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E52EE8		6_2_34E52EE8
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F19ED2		6_2_34F19ED2
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E61EB2		6_2_34E61EB2
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F10EAD		6_2_34F10EAD
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F00E6D		6_2_34F00E6D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EA2E48		6_2_34EA2E48
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E80E50		6_2_34E80E50
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E66FE0		6_2_34E66FE0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F11FC6		6_2_34F11FC6
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1EFBF		6_2_34F1EFBF
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1FF63		6_2_34F1FF63
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6CF00		6_2_34E6CF00
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F178F3		6_2_34F178F3
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E628C0		6_2_34E628C0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F118DA		6_2_34F118DA
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ED98B2		6_2_34ED98B2
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E76882		6_2_34E76882
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1F872		6_2_34F1F872
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E46868		6_2_34E46868
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E69870		6_2_34E69870
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7B870		6_2_34E7B870
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F00835		6_2_34F00835
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E63800		6_2_34E63800
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8E810		6_2_34E8E810
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E299E8		6_2_34E299E8
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EA59C0		6_2_34EA59C0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5E9A0		6_2_34E5E9A0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1E9A6		6_2_34F1E9A6
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7FAA0		6_2_34E7FAA0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1FA89		6_2_34F1FA89

Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: String function: 34E4B910 appears 245 times
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: String function: 34EDEF10 appears 102 times
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: String function: 34ECE692 appears 81 times
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: String function: 34EA7BE4 appears 78 times

Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92CF0 NtDelayExecution,LdrInitializeThunk,		6_2_34E92CF0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92C50 NtUnmapViewOfSection,LdrInitializeThunk,		6_2_34E92C50
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92C30 NtMapViewOfSection,LdrInitializeThunk,		6_2_34E92C30
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,		6_2_34E92DC0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92DA0 NtReadVirtualMemory,LdrInitializeThunk,		6_2_34E92DA0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92D10 NtQuerySystemInformation,LdrInitializeThunk,		6_2_34E92D10
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92ED0 NtResumeThread,LdrInitializeThunk,		6_2_34E92ED0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92EB0 NtProtectVirtualMemory,LdrInitializeThunk,		6_2_34E92EB0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92E50 NtCreateSection,LdrInitializeThunk,		6_2_34E92E50
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92F00 NtCreateFile,LdrInitializeThunk,		6_2_34E92F00
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E929F0 NtReadFile,LdrInitializeThunk,		6_2_34E929F0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92A80 NtClose,LdrInitializeThunk,		6_2_34E92A80
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92BC0 NtQueryInformationToken,LdrInitializeThunk,		6_2_34E92BC0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92B90 NtFreeVirtualMemory,LdrInitializeThunk,		6_2_34E92B90
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92B10 NtAllocateVirtualMemory,LdrInitializeThunk,		6_2_34E92B10
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E934E0 NtCreateMutant,		6_2_34E934E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E94570 NtSuspendThread,		6_2_34E94570
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E94260 NtSetContextThread,		6_2_34E94260
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92CD0 NtEnumerateKey,		6_2_34E92CD0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E93C90 NtOpenThread,		6_2_34E93C90
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92C20 NtSetInformationFile,		6_2_34E92C20
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E93C30 NtOpenProcessToken,		6_2_34E93C30
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92C10 NtOpenProcess,		6_2_34E92C10
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92D50 NtWriteVirtualMemory,		6_2_34E92D50
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92EC0 NtQuerySection,		6_2_34E92EC0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92E80 NtCreateProcessEx,		6_2_34E92E80
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92E00 NtQueueApcThread,		6_2_34E92E00
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92FB0 NtSetValueKey,		6_2_34E92FB0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92F30 NtOpenDirectoryObject,		6_2_34E92F30
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E938D0 NtGetContextThread,		6_2_34E938D0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E929D0 NtWaitForSingleObject,		6_2_34E929D0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92AC0 NtEnumerateValueKey,		6_2_34E92AC0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92AA0 NtQueryInformationFile,		6_2_34E92AA0

Source: SC.028UCCP.exe, 00000006.00000002.3051285400.0000000034F4D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SC.028UCCP.exe
Source: SC.028UCCP.exe, 00000006.00000003.2966799157.000000003529C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemstsc.exej% vs SC.028UCCP.exe
Source: SC.028UCCP.exe, 00000006.00000002.3051285400.00000000350F0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SC.028UCCP.exe
Source: SC.028UCCP.exe, 00000006.00000002.3049797732.0000000034DD2000.00000040.10000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenamemstsc.exej% vs SC.028UCCP.exe
Source: SC.028UCCP.exe, 00000006.00000003.2876852464.0000000034BEF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SC.028UCCP.exe
Source: SC.028UCCP.exe, 00000006.00000003.2881960130.0000000034DA2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SC.028UCCP.exe
Source: SC.028UCCP.exe, 00000006.00000003.2964883119.0000000034CBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemstsc.exej% vs SC.028UCCP.exe

Source: C:\Users\user\Desktop\SC.028UCCP.exe	Section loaded: edgegdi.dll			Jump to behavior
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Section loaded: edgegdi.dll			Jump to behavior
Source: C:\Windows\SysWOW64\mstsc.exe	Section loaded: edgegdi.dll			Jump to behavior

Source: SC.028UCCP.exe

Static PE information: invalid certificate

Source: SC.028UCCP.exe	Virustotal: Detection: 50%
Source: SC.028UCCP.exe	ReversingLabs: Detection: 33%

Source: C:\Users\user\Desktop\SC.028UCCP.exe

File read: C:\Users\user\Desktop\SC.028UCCP.exe

Jump to behavior

Source: SC.028UCCP.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SC.028UCCP.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SC.028UCCP.exe C:\Users\user\Desktop\SC.028UCCP.exe
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Process created: C:\Users\user\Desktop\SC.028UCCP.exe C:\Users\user\Desktop\SC.028UCCP.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\mstsc.exe C:\Windows\SysWOW64\mstsc.exe
Source: C:\Windows\SysWOW64\mstsc.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\SC.028UCCP.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Process created: C:\Users\user\Desktop\SC.028UCCP.exe C:\Users\user\Desktop\SC.028UCCP.exe			Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\mstsc.exe C:\Windows\SysWOW64\mstsc.exe			Jump to behavior
Source: C:\Windows\SysWOW64\mstsc.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\SC.028UCCP.exe"			Jump to behavior

Source: C:\Users\user\Desktop\SC.028UCCP.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\SC.028UCCP.exe

File created: C:\Users\user\Documents\Snarer.ini

Jump to behavior

Source: C:\Users\user\Desktop\SC.028UCCP.exe

File created: C:\Users\user\AppData\Local\Temp\nsl7C13.tmp

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winEXE@8/4@24/16

Source: C:\Users\user\Desktop\SC.028UCCP.exe

Code function: 0_2_00402036 CoCreateInstance,MultiByteToWideChar,

0_2_00402036

Source: C:\Users\user\Desktop\SC.028UCCP.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SC.028UCCP.exe

Code function: 0_2_004042E6 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_004042E6

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4136:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4136:304:WilStaging_02

Source:	Binary string: mshtml.pdb source: SC.028UCCP.exe, 00000006.00000001.2747874116.0000000000649000.00000020.00000001.01000000.00000007.sdmp
Source:	Binary string: wntdll.pdbUGP source: SC.028UCCP.exe, 00000006.00000003.2881960130.0000000034C75000.00000004.00000020.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3051285400.0000000034F4D000.00000040.00001000.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3051285400.0000000034E20000.00000040.00001000.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000003.2876852464.0000000034ACC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SC.028UCCP.exe, SC.028UCCP.exe, 00000006.00000003.2881960130.0000000034C75000.00000004.00000020.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3051285400.0000000034F4D000.00000040.00001000.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3051285400.0000000034E20000.00000040.00001000.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000003.2876852464.0000000034ACC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mstsc.pdbGCTL source: SC.028UCCP.exe, 00000006.00000002.3049797732.0000000034CB0000.00000040.10000000.00040000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000003.2966799157.000000003517A000.00000004.00000020.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000003.2964883119.0000000034CBF000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mshtml.pdbUGP source: SC.028UCCP.exe, 00000006.00000001.2747874116.0000000000649000.00000020.00000001.01000000.00000007.sdmp
Source:	Binary string: mstsc.pdb source: SC.028UCCP.exe, 00000006.00000002.3049797732.0000000034CB0000.00000040.10000000.00040000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000003.2966799157.000000003517A000.00000004.00000020.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000003.2964883119.0000000034CBF000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: Yara match	File source: 00000000.00000002.2936860727.000000000411D000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2969977740.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2936860727.0000000002C10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\Unepitomizeds\Indlaansrenter\Patter.Lam, type: DROPPED

Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 0_2_10002CE0 push eax; ret		0_2_10002D0E
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E297A1 push es; iretd		6_2_34E297A8
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E221AD pushad ; retf 0004h		6_2_34E2223F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E508CD push ecx; mov dword ptr [esp], ecx		6_2_34E508D6

Source: C:\Users\user\Desktop\SC.028UCCP.exe

Code function: 0_2_00405EC3 GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_00405EC3

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\SC.028UCCP.exe

File created: C:\Users\user\AppData\Local\Temp\nsc7F31.tmp\System.dll

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: explorer.exe

User mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x87 0x7E 0xE9

Source: C:\Users\user\Desktop\SC.028UCCP.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mstsc.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\SC.028UCCP.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe			Jump to behavior
Source: C:\Users\user\Desktop\SC.028UCCP.exe	File opened: C:\Program Files\qga\qga.exe			Jump to behavior
Source: C:\Users\user\Desktop\SC.028UCCP.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe			Jump to behavior
Source: C:\Users\user\Desktop\SC.028UCCP.exe	File opened: C:\Program Files\qga\qga.exe			Jump to behavior

Source: C:\Windows\explorer.exe TID: 3016	Thread sleep time: -48000s >= -30000s			Jump to behavior
Source: C:\Windows\SysWOW64\mstsc.exe TID: 3100	Thread sleep count: 126 > 30			Jump to behavior
Source: C:\Windows\SysWOW64\mstsc.exe TID: 3100	Thread sleep time: -252000s >= -30000s			Jump to behavior

Source: C:\Windows\explorer.exe	Last function: Thread delayed
Source: C:\Windows\explorer.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\mstsc.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\mstsc.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\SC.028UCCP.exe

Code function: 6_2_34E91763 rdtsc

6_2_34E91763

Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 863			Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 881			Jump to behavior

Source: C:\Users\user\Desktop\SC.028UCCP.exe

API coverage: 1.1 %

Source: C:\Windows\SysWOW64\mstsc.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 0_2_00405475 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,		0_2_00405475
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 0_2_00405E9C FindFirstFileA,FindClose,		0_2_00405E9C
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 0_2_0040264F FindFirstFileA,		0_2_0040264F

Source: C:\Users\user\Desktop\SC.028UCCP.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\SC.028UCCP.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SC.028UCCP.exe	API call chain: ExitProcess graph end node

Source: SC.028UCCP.exe, 00000000.00000002.2999683901.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3035813492.0000000006549000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: SC.028UCCP.exe, 00000000.00000002.2999683901.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3035813492.0000000006549000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: SC.028UCCP.exe, 00000006.00000002.3035813492.0000000006549000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicshutdown
Source: SC.028UCCP.exe, 00000000.00000002.2999683901.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3035813492.0000000006549000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: SC.028UCCP.exe, 00000000.00000002.2999683901.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3035813492.0000000006549000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: SC.028UCCP.exe, 00000000.00000002.2999683901.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3035813492.0000000006549000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: SC.028UCCP.exe, 00000006.00000002.3035813492.0000000006549000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicvss
Source: SC.028UCCP.exe, 00000006.00000002.3034808343.0000000004C89000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SC.028UCCP.exe, 00000006.00000002.3034808343.0000000004C47000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: SC.028UCCP.exe, 00000000.00000002.2999683901.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3035813492.0000000006549000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: SC.028UCCP.exe, 00000000.00000002.2999683901.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3035813492.0000000006549000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: SC.028UCCP.exe, 00000000.00000002.2999683901.0000000010059000.00000004.00000800.00020000.00000000.sdmp, SC.028UCCP.exe, 00000006.00000002.3035813492.0000000006549000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: SC.028UCCP.exe, 00000006.00000002.3035813492.0000000006549000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmicheartbeat

Anti Debugging

Source: C:\Users\user\Desktop\SC.028UCCP.exe

Code function: 0_2_00405EC3 GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_00405EC3

Source: C:\Users\user\Desktop\SC.028UCCP.exe

Code function: 6_2_34E91763 rdtsc

6_2_34E91763

Source: C:\Users\user\Desktop\SC.028UCCP.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8E4EF mov eax, dword ptr fs:[00000030h]		6_2_34E8E4EF
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8E4EF mov eax, dword ptr fs:[00000030h]		6_2_34E8E4EF
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E854E0 mov eax, dword ptr fs:[00000030h]		6_2_34E854E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F0F4FD mov eax, dword ptr fs:[00000030h]		6_2_34F0F4FD
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E564F0 mov eax, dword ptr fs:[00000030h]		6_2_34E564F0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8A4F0 mov eax, dword ptr fs:[00000030h]		6_2_34E8A4F0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8A4F0 mov eax, dword ptr fs:[00000030h]		6_2_34E8A4F0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E794FA mov eax, dword ptr fs:[00000030h]		6_2_34E794FA
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E714C9 mov eax, dword ptr fs:[00000030h]		6_2_34E714C9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E714C9 mov eax, dword ptr fs:[00000030h]		6_2_34E714C9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E714C9 mov eax, dword ptr fs:[00000030h]		6_2_34E714C9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E714C9 mov eax, dword ptr fs:[00000030h]		6_2_34E714C9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E714C9 mov eax, dword ptr fs:[00000030h]		6_2_34E714C9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E744D1 mov eax, dword ptr fs:[00000030h]		6_2_34E744D1
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E744D1 mov eax, dword ptr fs:[00000030h]		6_2_34E744D1
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7F4D0 mov eax, dword ptr fs:[00000030h]		6_2_34E7F4D0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7F4D0 mov eax, dword ptr fs:[00000030h]		6_2_34E7F4D0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7F4D0 mov eax, dword ptr fs:[00000030h]		6_2_34E7F4D0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7F4D0 mov eax, dword ptr fs:[00000030h]		6_2_34E7F4D0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7F4D0 mov eax, dword ptr fs:[00000030h]		6_2_34E7F4D0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7F4D0 mov eax, dword ptr fs:[00000030h]		6_2_34E7F4D0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7F4D0 mov eax, dword ptr fs:[00000030h]		6_2_34E7F4D0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7F4D0 mov eax, dword ptr fs:[00000030h]		6_2_34E7F4D0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7F4D0 mov eax, dword ptr fs:[00000030h]		6_2_34E7F4D0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E844A8 mov eax, dword ptr fs:[00000030h]		6_2_34E844A8
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E524A2 mov eax, dword ptr fs:[00000030h]		6_2_34E524A2
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E524A2 mov ecx, dword ptr fs:[00000030h]		6_2_34E524A2
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EDD4A0 mov ecx, dword ptr fs:[00000030h]		6_2_34EDD4A0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EDD4A0 mov eax, dword ptr fs:[00000030h]		6_2_34EDD4A0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EDD4A0 mov eax, dword ptr fs:[00000030h]		6_2_34EDD4A0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8E4BC mov eax, dword ptr fs:[00000030h]		6_2_34E8E4BC
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E50485 mov ecx, dword ptr fs:[00000030h]		6_2_34E50485
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8648A mov eax, dword ptr fs:[00000030h]		6_2_34E8648A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8648A mov eax, dword ptr fs:[00000030h]		6_2_34E8648A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8648A mov eax, dword ptr fs:[00000030h]		6_2_34E8648A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8B490 mov eax, dword ptr fs:[00000030h]		6_2_34E8B490
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8B490 mov eax, dword ptr fs:[00000030h]		6_2_34E8B490
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EDC490 mov eax, dword ptr fs:[00000030h]		6_2_34EDC490
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F0F478 mov eax, dword ptr fs:[00000030h]		6_2_34F0F478
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E58470 mov eax, dword ptr fs:[00000030h]		6_2_34E58470
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E58470 mov eax, dword ptr fs:[00000030h]		6_2_34E58470
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1A464 mov eax, dword ptr fs:[00000030h]		6_2_34F1A464
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60445 mov eax, dword ptr fs:[00000030h]		6_2_34E60445
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60445 mov eax, dword ptr fs:[00000030h]		6_2_34E60445
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60445 mov eax, dword ptr fs:[00000030h]		6_2_34E60445
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60445 mov eax, dword ptr fs:[00000030h]		6_2_34E60445
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60445 mov eax, dword ptr fs:[00000030h]		6_2_34E60445
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60445 mov eax, dword ptr fs:[00000030h]		6_2_34E60445
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ED0443 mov eax, dword ptr fs:[00000030h]		6_2_34ED0443
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5D454 mov eax, dword ptr fs:[00000030h]		6_2_34E5D454
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5D454 mov eax, dword ptr fs:[00000030h]		6_2_34E5D454
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5D454 mov eax, dword ptr fs:[00000030h]		6_2_34E5D454
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5D454 mov eax, dword ptr fs:[00000030h]		6_2_34E5D454
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5D454 mov eax, dword ptr fs:[00000030h]		6_2_34E5D454
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5D454 mov eax, dword ptr fs:[00000030h]		6_2_34E5D454
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8D450 mov eax, dword ptr fs:[00000030h]		6_2_34E8D450
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8D450 mov eax, dword ptr fs:[00000030h]		6_2_34E8D450
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7E45E mov eax, dword ptr fs:[00000030h]		6_2_34E7E45E
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7E45E mov eax, dword ptr fs:[00000030h]		6_2_34E7E45E
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7E45E mov eax, dword ptr fs:[00000030h]		6_2_34E7E45E
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7E45E mov eax, dword ptr fs:[00000030h]		6_2_34E7E45E
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7E45E mov eax, dword ptr fs:[00000030h]		6_2_34E7E45E
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EDF42F mov eax, dword ptr fs:[00000030h]		6_2_34EDF42F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EDF42F mov eax, dword ptr fs:[00000030h]		6_2_34EDF42F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EDF42F mov eax, dword ptr fs:[00000030h]		6_2_34EDF42F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EDF42F mov eax, dword ptr fs:[00000030h]		6_2_34EDF42F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EDF42F mov eax, dword ptr fs:[00000030h]		6_2_34EDF42F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4B420 mov eax, dword ptr fs:[00000030h]		6_2_34E4B420
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ED9429 mov eax, dword ptr fs:[00000030h]		6_2_34ED9429
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E87425 mov eax, dword ptr fs:[00000030h]		6_2_34E87425
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E87425 mov ecx, dword ptr fs:[00000030h]		6_2_34E87425
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4640D mov eax, dword ptr fs:[00000030h]		6_2_34E4640D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EE6400 mov eax, dword ptr fs:[00000030h]		6_2_34EE6400
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EE6400 mov eax, dword ptr fs:[00000030h]		6_2_34EE6400
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F0F409 mov eax, dword ptr fs:[00000030h]		6_2_34F0F409
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5B5E0 mov eax, dword ptr fs:[00000030h]		6_2_34E5B5E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5B5E0 mov eax, dword ptr fs:[00000030h]		6_2_34E5B5E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5B5E0 mov eax, dword ptr fs:[00000030h]		6_2_34E5B5E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5B5E0 mov eax, dword ptr fs:[00000030h]		6_2_34E5B5E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5B5E0 mov eax, dword ptr fs:[00000030h]		6_2_34E5B5E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5B5E0 mov eax, dword ptr fs:[00000030h]		6_2_34E5B5E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E815EF mov eax, dword ptr fs:[00000030h]		6_2_34E815EF
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8A5E7 mov ebx, dword ptr fs:[00000030h]		6_2_34E8A5E7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8A5E7 mov eax, dword ptr fs:[00000030h]		6_2_34E8A5E7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EDC5FC mov eax, dword ptr fs:[00000030h]		6_2_34EDC5FC
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F5C7 mov eax, dword ptr fs:[00000030h]		6_2_34E4F5C7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F5C7 mov eax, dword ptr fs:[00000030h]		6_2_34E4F5C7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F5C7 mov eax, dword ptr fs:[00000030h]		6_2_34E4F5C7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F5C7 mov eax, dword ptr fs:[00000030h]		6_2_34E4F5C7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F5C7 mov eax, dword ptr fs:[00000030h]		6_2_34E4F5C7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F5C7 mov eax, dword ptr fs:[00000030h]		6_2_34E4F5C7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F5C7 mov eax, dword ptr fs:[00000030h]		6_2_34E4F5C7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F5C7 mov eax, dword ptr fs:[00000030h]		6_2_34E4F5C7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F5C7 mov eax, dword ptr fs:[00000030h]		6_2_34E4F5C7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ED05C6 mov eax, dword ptr fs:[00000030h]		6_2_34ED05C6
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8C5C6 mov eax, dword ptr fs:[00000030h]		6_2_34E8C5C6
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E865D0 mov eax, dword ptr fs:[00000030h]		6_2_34E865D0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ED85AA mov eax, dword ptr fs:[00000030h]		6_2_34ED85AA
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E545B0 mov eax, dword ptr fs:[00000030h]		6_2_34E545B0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E545B0 mov eax, dword ptr fs:[00000030h]		6_2_34E545B0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ECE588 mov eax, dword ptr fs:[00000030h]		6_2_34ECE588
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ECE588 mov eax, dword ptr fs:[00000030h]		6_2_34ECE588
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8A580 mov eax, dword ptr fs:[00000030h]		6_2_34E8A580
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8A580 mov eax, dword ptr fs:[00000030h]		6_2_34E8A580
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E89580 mov eax, dword ptr fs:[00000030h]		6_2_34E89580
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E89580 mov eax, dword ptr fs:[00000030h]		6_2_34E89580
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F0F582 mov eax, dword ptr fs:[00000030h]		6_2_34F0F582
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E82594 mov eax, dword ptr fs:[00000030h]		6_2_34E82594
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EDC592 mov eax, dword ptr fs:[00000030h]		6_2_34EDC592
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6C560 mov eax, dword ptr fs:[00000030h]		6_2_34E6C560
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6E547 mov eax, dword ptr fs:[00000030h]		6_2_34E6E547
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1A553 mov eax, dword ptr fs:[00000030h]		6_2_34F1A553
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E86540 mov eax, dword ptr fs:[00000030h]		6_2_34E86540
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E88540 mov eax, dword ptr fs:[00000030h]		6_2_34E88540
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5254C mov eax, dword ptr fs:[00000030h]		6_2_34E5254C
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F2B55F mov eax, dword ptr fs:[00000030h]		6_2_34F2B55F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F2B55F mov eax, dword ptr fs:[00000030h]		6_2_34F2B55F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8F523 mov eax, dword ptr fs:[00000030h]		6_2_34E8F523
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6252B mov eax, dword ptr fs:[00000030h]		6_2_34E6252B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6252B mov eax, dword ptr fs:[00000030h]		6_2_34E6252B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6252B mov eax, dword ptr fs:[00000030h]		6_2_34E6252B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6252B mov eax, dword ptr fs:[00000030h]		6_2_34E6252B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6252B mov eax, dword ptr fs:[00000030h]		6_2_34E6252B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6252B mov eax, dword ptr fs:[00000030h]		6_2_34E6252B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6252B mov eax, dword ptr fs:[00000030h]		6_2_34E6252B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E81527 mov eax, dword ptr fs:[00000030h]		6_2_34E81527
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92539 mov eax, dword ptr fs:[00000030h]		6_2_34E92539
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E53536 mov eax, dword ptr fs:[00000030h]		6_2_34E53536
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E53536 mov eax, dword ptr fs:[00000030h]		6_2_34E53536
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4753F mov eax, dword ptr fs:[00000030h]		6_2_34E4753F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4753F mov eax, dword ptr fs:[00000030h]		6_2_34E4753F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4753F mov eax, dword ptr fs:[00000030h]		6_2_34E4753F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7E507 mov eax, dword ptr fs:[00000030h]		6_2_34E7E507
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7E507 mov eax, dword ptr fs:[00000030h]		6_2_34E7E507
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7E507 mov eax, dword ptr fs:[00000030h]		6_2_34E7E507
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7E507 mov eax, dword ptr fs:[00000030h]		6_2_34E7E507
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7E507 mov eax, dword ptr fs:[00000030h]		6_2_34E7E507
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7E507 mov eax, dword ptr fs:[00000030h]		6_2_34E7E507
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7E507 mov eax, dword ptr fs:[00000030h]		6_2_34E7E507
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7E507 mov eax, dword ptr fs:[00000030h]		6_2_34E7E507
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8C50D mov eax, dword ptr fs:[00000030h]		6_2_34E8C50D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8C50D mov eax, dword ptr fs:[00000030h]		6_2_34E8C50D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E52500 mov eax, dword ptr fs:[00000030h]		6_2_34E52500
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4B502 mov eax, dword ptr fs:[00000030h]		6_2_34E4B502
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EDC51D mov eax, dword ptr fs:[00000030h]		6_2_34EDC51D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E71514 mov eax, dword ptr fs:[00000030h]		6_2_34E71514
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E71514 mov eax, dword ptr fs:[00000030h]		6_2_34E71514
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E71514 mov eax, dword ptr fs:[00000030h]		6_2_34E71514
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E71514 mov eax, dword ptr fs:[00000030h]		6_2_34E71514
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E71514 mov eax, dword ptr fs:[00000030h]		6_2_34E71514
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E71514 mov eax, dword ptr fs:[00000030h]		6_2_34E71514
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF51B mov eax, dword ptr fs:[00000030h]		6_2_34EFF51B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF51B mov eax, dword ptr fs:[00000030h]		6_2_34EFF51B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF51B mov eax, dword ptr fs:[00000030h]		6_2_34EFF51B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF51B mov eax, dword ptr fs:[00000030h]		6_2_34EFF51B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF51B mov eax, dword ptr fs:[00000030h]		6_2_34EFF51B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF51B mov eax, dword ptr fs:[00000030h]		6_2_34EFF51B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF51B mov ecx, dword ptr fs:[00000030h]		6_2_34EFF51B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF51B mov ecx, dword ptr fs:[00000030h]		6_2_34EFF51B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF51B mov eax, dword ptr fs:[00000030h]		6_2_34EFF51B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF51B mov eax, dword ptr fs:[00000030h]		6_2_34EFF51B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF51B mov eax, dword ptr fs:[00000030h]		6_2_34EFF51B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF51B mov eax, dword ptr fs:[00000030h]		6_2_34EFF51B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF51B mov eax, dword ptr fs:[00000030h]		6_2_34EFF51B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E496E0 mov eax, dword ptr fs:[00000030h]		6_2_34E496E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E496E0 mov eax, dword ptr fs:[00000030h]		6_2_34E496E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5C6E0 mov eax, dword ptr fs:[00000030h]		6_2_34E5C6E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E556E0 mov eax, dword ptr fs:[00000030h]		6_2_34E556E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E556E0 mov eax, dword ptr fs:[00000030h]		6_2_34E556E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E556E0 mov eax, dword ptr fs:[00000030h]		6_2_34E556E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E766E0 mov eax, dword ptr fs:[00000030h]		6_2_34E766E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E766E0 mov eax, dword ptr fs:[00000030h]		6_2_34E766E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ECC6F2 mov eax, dword ptr fs:[00000030h]		6_2_34ECC6F2
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ECC6F2 mov eax, dword ptr fs:[00000030h]		6_2_34ECC6F2
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E506CF mov eax, dword ptr fs:[00000030h]		6_2_34E506CF
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EF86C2 mov eax, dword ptr fs:[00000030h]		6_2_34EF86C2
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1A6C0 mov eax, dword ptr fs:[00000030h]		6_2_34F1A6C0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7D6D0 mov eax, dword ptr fs:[00000030h]		6_2_34E7D6D0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F186A8 mov eax, dword ptr fs:[00000030h]		6_2_34F186A8
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F186A8 mov eax, dword ptr fs:[00000030h]		6_2_34F186A8
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60680 mov eax, dword ptr fs:[00000030h]		6_2_34E60680
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60680 mov eax, dword ptr fs:[00000030h]		6_2_34E60680
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60680 mov eax, dword ptr fs:[00000030h]		6_2_34E60680
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60680 mov eax, dword ptr fs:[00000030h]		6_2_34E60680
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60680 mov eax, dword ptr fs:[00000030h]		6_2_34E60680
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60680 mov eax, dword ptr fs:[00000030h]		6_2_34E60680
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60680 mov eax, dword ptr fs:[00000030h]		6_2_34E60680
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60680 mov eax, dword ptr fs:[00000030h]		6_2_34E60680
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60680 mov eax, dword ptr fs:[00000030h]		6_2_34E60680
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60680 mov eax, dword ptr fs:[00000030h]		6_2_34E60680
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60680 mov eax, dword ptr fs:[00000030h]		6_2_34E60680
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E60680 mov eax, dword ptr fs:[00000030h]		6_2_34E60680
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ECD69D mov eax, dword ptr fs:[00000030h]		6_2_34ECD69D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E58690 mov eax, dword ptr fs:[00000030h]		6_2_34E58690
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F0F68C mov eax, dword ptr fs:[00000030h]		6_2_34F0F68C
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EDC691 mov eax, dword ptr fs:[00000030h]		6_2_34EDC691
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ED166E mov eax, dword ptr fs:[00000030h]		6_2_34ED166E
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ED166E mov eax, dword ptr fs:[00000030h]		6_2_34ED166E
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ED166E mov eax, dword ptr fs:[00000030h]		6_2_34ED166E
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8666D mov esi, dword ptr fs:[00000030h]		6_2_34E8666D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8666D mov eax, dword ptr fs:[00000030h]		6_2_34E8666D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8666D mov eax, dword ptr fs:[00000030h]		6_2_34E8666D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E63660 mov eax, dword ptr fs:[00000030h]		6_2_34E63660
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E63660 mov eax, dword ptr fs:[00000030h]		6_2_34E63660
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E63660 mov eax, dword ptr fs:[00000030h]		6_2_34E63660
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E47662 mov eax, dword ptr fs:[00000030h]		6_2_34E47662
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E47662 mov eax, dword ptr fs:[00000030h]		6_2_34E47662
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E47662 mov eax, dword ptr fs:[00000030h]		6_2_34E47662
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E50670 mov eax, dword ptr fs:[00000030h]		6_2_34E50670
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92670 mov eax, dword ptr fs:[00000030h]		6_2_34E92670
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92670 mov eax, dword ptr fs:[00000030h]		6_2_34E92670
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E53640 mov eax, dword ptr fs:[00000030h]		6_2_34E53640
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6F640 mov eax, dword ptr fs:[00000030h]		6_2_34E6F640
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6F640 mov eax, dword ptr fs:[00000030h]		6_2_34E6F640
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6F640 mov eax, dword ptr fs:[00000030h]		6_2_34E6F640
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8C640 mov eax, dword ptr fs:[00000030h]		6_2_34E8C640
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8C640 mov eax, dword ptr fs:[00000030h]		6_2_34E8C640
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4D64A mov eax, dword ptr fs:[00000030h]		6_2_34E4D64A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4D64A mov eax, dword ptr fs:[00000030h]		6_2_34E4D64A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8265C mov eax, dword ptr fs:[00000030h]		6_2_34E8265C
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8265C mov ecx, dword ptr fs:[00000030h]		6_2_34E8265C
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8265C mov eax, dword ptr fs:[00000030h]		6_2_34E8265C
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E85654 mov eax, dword ptr fs:[00000030h]		6_2_34E85654
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5965A mov eax, dword ptr fs:[00000030h]		6_2_34E5965A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5965A mov eax, dword ptr fs:[00000030h]		6_2_34E5965A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFD62C mov ecx, dword ptr fs:[00000030h]		6_2_34EFD62C
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFD62C mov ecx, dword ptr fs:[00000030h]		6_2_34EFD62C
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFD62C mov eax, dword ptr fs:[00000030h]		6_2_34EFD62C
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E57623 mov eax, dword ptr fs:[00000030h]		6_2_34E57623
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E55622 mov eax, dword ptr fs:[00000030h]		6_2_34E55622
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E55622 mov eax, dword ptr fs:[00000030h]		6_2_34E55622
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8C620 mov eax, dword ptr fs:[00000030h]		6_2_34E8C620
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E50630 mov eax, dword ptr fs:[00000030h]		6_2_34E50630
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8F63F mov eax, dword ptr fs:[00000030h]		6_2_34E8F63F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8F63F mov eax, dword ptr fs:[00000030h]		6_2_34E8F63F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E80630 mov eax, dword ptr fs:[00000030h]		6_2_34E80630
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ED8633 mov esi, dword ptr fs:[00000030h]		6_2_34ED8633
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ED8633 mov eax, dword ptr fs:[00000030h]		6_2_34ED8633
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ED8633 mov eax, dword ptr fs:[00000030h]		6_2_34ED8633
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EE3608 mov eax, dword ptr fs:[00000030h]		6_2_34EE3608
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EE3608 mov eax, dword ptr fs:[00000030h]		6_2_34EE3608
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EE3608 mov eax, dword ptr fs:[00000030h]		6_2_34EE3608
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EE3608 mov eax, dword ptr fs:[00000030h]		6_2_34EE3608
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EE3608 mov eax, dword ptr fs:[00000030h]		6_2_34EE3608
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EE3608 mov eax, dword ptr fs:[00000030h]		6_2_34EE3608
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7D600 mov eax, dword ptr fs:[00000030h]		6_2_34E7D600
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7D600 mov eax, dword ptr fs:[00000030h]		6_2_34E7D600
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8360F mov eax, dword ptr fs:[00000030h]		6_2_34E8360F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F24600 mov eax, dword ptr fs:[00000030h]		6_2_34F24600
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F0F607 mov eax, dword ptr fs:[00000030h]		6_2_34F0F607
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E537E4 mov eax, dword ptr fs:[00000030h]		6_2_34E537E4
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E537E4 mov eax, dword ptr fs:[00000030h]		6_2_34E537E4
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E537E4 mov eax, dword ptr fs:[00000030h]		6_2_34E537E4
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E537E4 mov eax, dword ptr fs:[00000030h]		6_2_34E537E4
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E537E4 mov eax, dword ptr fs:[00000030h]		6_2_34E537E4
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E537E4 mov eax, dword ptr fs:[00000030h]		6_2_34E537E4
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E537E4 mov eax, dword ptr fs:[00000030h]		6_2_34E537E4
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7E7E0 mov eax, dword ptr fs:[00000030h]		6_2_34E7E7E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E577F9 mov eax, dword ptr fs:[00000030h]		6_2_34E577F9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E577F9 mov eax, dword ptr fs:[00000030h]		6_2_34E577F9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F0F7CF mov eax, dword ptr fs:[00000030h]		6_2_34F0F7CF
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E507A7 mov eax, dword ptr fs:[00000030h]		6_2_34E507A7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F217BC mov eax, dword ptr fs:[00000030h]		6_2_34F217BC
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1D7A7 mov eax, dword ptr fs:[00000030h]		6_2_34F1D7A7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1D7A7 mov eax, dword ptr fs:[00000030h]		6_2_34F1D7A7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1D7A7 mov eax, dword ptr fs:[00000030h]		6_2_34F1D7A7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ECE79D mov eax, dword ptr fs:[00000030h]		6_2_34ECE79D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ECE79D mov eax, dword ptr fs:[00000030h]		6_2_34ECE79D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ECE79D mov eax, dword ptr fs:[00000030h]		6_2_34ECE79D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ECE79D mov eax, dword ptr fs:[00000030h]		6_2_34ECE79D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ECE79D mov eax, dword ptr fs:[00000030h]		6_2_34ECE79D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ECE79D mov eax, dword ptr fs:[00000030h]		6_2_34ECE79D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ECE79D mov eax, dword ptr fs:[00000030h]		6_2_34ECE79D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ECE79D mov eax, dword ptr fs:[00000030h]		6_2_34ECE79D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ECE79D mov eax, dword ptr fs:[00000030h]		6_2_34ECE79D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F2B781 mov eax, dword ptr fs:[00000030h]		6_2_34F2B781
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F2B781 mov eax, dword ptr fs:[00000030h]		6_2_34F2B781
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E81796 mov eax, dword ptr fs:[00000030h]		6_2_34E81796
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E81796 mov eax, dword ptr fs:[00000030h]		6_2_34E81796
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E62760 mov ecx, dword ptr fs:[00000030h]		6_2_34E62760
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E91763 mov eax, dword ptr fs:[00000030h]		6_2_34E91763
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E91763 mov eax, dword ptr fs:[00000030h]		6_2_34E91763
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E91763 mov eax, dword ptr fs:[00000030h]		6_2_34E91763
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E91763 mov eax, dword ptr fs:[00000030h]		6_2_34E91763
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E91763 mov eax, dword ptr fs:[00000030h]		6_2_34E91763
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E91763 mov eax, dword ptr fs:[00000030h]		6_2_34E91763
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E54779 mov eax, dword ptr fs:[00000030h]		6_2_34E54779
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E54779 mov eax, dword ptr fs:[00000030h]		6_2_34E54779
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E80774 mov eax, dword ptr fs:[00000030h]		6_2_34E80774
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8174A mov eax, dword ptr fs:[00000030h]		6_2_34E8174A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ED174B mov eax, dword ptr fs:[00000030h]		6_2_34ED174B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34ED174B mov ecx, dword ptr fs:[00000030h]		6_2_34ED174B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E83740 mov eax, dword ptr fs:[00000030h]		6_2_34E83740
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E72755 mov eax, dword ptr fs:[00000030h]		6_2_34E72755
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E72755 mov eax, dword ptr fs:[00000030h]		6_2_34E72755
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E72755 mov eax, dword ptr fs:[00000030h]		6_2_34E72755
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E72755 mov ecx, dword ptr fs:[00000030h]		6_2_34E72755
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E72755 mov eax, dword ptr fs:[00000030h]		6_2_34E72755
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E72755 mov eax, dword ptr fs:[00000030h]		6_2_34E72755
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8A750 mov eax, dword ptr fs:[00000030h]		6_2_34E8A750
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F75B mov eax, dword ptr fs:[00000030h]		6_2_34E4F75B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F75B mov eax, dword ptr fs:[00000030h]		6_2_34E4F75B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F75B mov eax, dword ptr fs:[00000030h]		6_2_34E4F75B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F75B mov eax, dword ptr fs:[00000030h]		6_2_34E4F75B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F75B mov eax, dword ptr fs:[00000030h]		6_2_34E4F75B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F75B mov eax, dword ptr fs:[00000030h]		6_2_34E4F75B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F75B mov eax, dword ptr fs:[00000030h]		6_2_34E4F75B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F75B mov eax, dword ptr fs:[00000030h]		6_2_34E4F75B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F75B mov eax, dword ptr fs:[00000030h]		6_2_34E4F75B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFE750 mov eax, dword ptr fs:[00000030h]		6_2_34EFE750
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E79723 mov eax, dword ptr fs:[00000030h]		6_2_34E79723
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4B705 mov eax, dword ptr fs:[00000030h]		6_2_34E4B705
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4B705 mov eax, dword ptr fs:[00000030h]		6_2_34E4B705
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4B705 mov eax, dword ptr fs:[00000030h]		6_2_34E4B705
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4B705 mov eax, dword ptr fs:[00000030h]		6_2_34E4B705
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5D700 mov ecx, dword ptr fs:[00000030h]		6_2_34E5D700
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F0F717 mov eax, dword ptr fs:[00000030h]		6_2_34F0F717
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7270D mov eax, dword ptr fs:[00000030h]		6_2_34E7270D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7270D mov eax, dword ptr fs:[00000030h]		6_2_34E7270D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7270D mov eax, dword ptr fs:[00000030h]		6_2_34E7270D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1970B mov eax, dword ptr fs:[00000030h]		6_2_34F1970B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F1970B mov eax, dword ptr fs:[00000030h]		6_2_34F1970B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5471B mov eax, dword ptr fs:[00000030h]		6_2_34E5471B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5471B mov eax, dword ptr fs:[00000030h]		6_2_34E5471B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4C0F6 mov eax, dword ptr fs:[00000030h]		6_2_34E4C0F6
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8D0F0 mov eax, dword ptr fs:[00000030h]		6_2_34E8D0F0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8D0F0 mov ecx, dword ptr fs:[00000030h]		6_2_34E8D0F0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E490F8 mov eax, dword ptr fs:[00000030h]		6_2_34E490F8
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E490F8 mov eax, dword ptr fs:[00000030h]		6_2_34E490F8
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E490F8 mov eax, dword ptr fs:[00000030h]		6_2_34E490F8
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E490F8 mov eax, dword ptr fs:[00000030h]		6_2_34E490F8
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4B0D6 mov eax, dword ptr fs:[00000030h]		6_2_34E4B0D6
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4B0D6 mov eax, dword ptr fs:[00000030h]		6_2_34E4B0D6
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4B0D6 mov eax, dword ptr fs:[00000030h]		6_2_34E4B0D6
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4B0D6 mov eax, dword ptr fs:[00000030h]		6_2_34E4B0D6
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E6B0D0 mov eax, dword ptr fs:[00000030h]		6_2_34E6B0D0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F250B7 mov eax, dword ptr fs:[00000030h]		6_2_34F250B7
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF0A5 mov eax, dword ptr fs:[00000030h]		6_2_34EFF0A5
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF0A5 mov eax, dword ptr fs:[00000030h]		6_2_34EFF0A5
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF0A5 mov eax, dword ptr fs:[00000030h]		6_2_34EFF0A5
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF0A5 mov eax, dword ptr fs:[00000030h]		6_2_34EFF0A5
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF0A5 mov eax, dword ptr fs:[00000030h]		6_2_34EFF0A5
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF0A5 mov eax, dword ptr fs:[00000030h]		6_2_34EFF0A5
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EFF0A5 mov eax, dword ptr fs:[00000030h]		6_2_34EFF0A5
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E900A5 mov eax, dword ptr fs:[00000030h]		6_2_34E900A5
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F0B0AF mov eax, dword ptr fs:[00000030h]		6_2_34F0B0AF
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F24080 mov eax, dword ptr fs:[00000030h]		6_2_34F24080
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F24080 mov eax, dword ptr fs:[00000030h]		6_2_34F24080
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F24080 mov eax, dword ptr fs:[00000030h]		6_2_34F24080
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F24080 mov eax, dword ptr fs:[00000030h]		6_2_34F24080
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F24080 mov eax, dword ptr fs:[00000030h]		6_2_34F24080
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F24080 mov eax, dword ptr fs:[00000030h]		6_2_34F24080
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F24080 mov eax, dword ptr fs:[00000030h]		6_2_34F24080
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4C090 mov eax, dword ptr fs:[00000030h]		6_2_34E4C090
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4A093 mov ecx, dword ptr fs:[00000030h]		6_2_34E4A093
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EF9060 mov eax, dword ptr fs:[00000030h]		6_2_34EF9060
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E56074 mov eax, dword ptr fs:[00000030h]		6_2_34E56074
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E56074 mov eax, dword ptr fs:[00000030h]		6_2_34E56074
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E57072 mov eax, dword ptr fs:[00000030h]		6_2_34E57072
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F2505B mov eax, dword ptr fs:[00000030h]		6_2_34F2505B
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E80044 mov eax, dword ptr fs:[00000030h]		6_2_34E80044
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E51051 mov eax, dword ptr fs:[00000030h]		6_2_34E51051
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E51051 mov eax, dword ptr fs:[00000030h]		6_2_34E51051
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4D02D mov eax, dword ptr fs:[00000030h]		6_2_34E4D02D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E75004 mov eax, dword ptr fs:[00000030h]		6_2_34E75004
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E75004 mov ecx, dword ptr fs:[00000030h]		6_2_34E75004
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E58009 mov eax, dword ptr fs:[00000030h]		6_2_34E58009
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E92010 mov ecx, dword ptr fs:[00000030h]		6_2_34E92010
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E591E5 mov eax, dword ptr fs:[00000030h]		6_2_34E591E5
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E591E5 mov eax, dword ptr fs:[00000030h]		6_2_34E591E5
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5A1E3 mov eax, dword ptr fs:[00000030h]		6_2_34E5A1E3
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5A1E3 mov eax, dword ptr fs:[00000030h]		6_2_34E5A1E3
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5A1E3 mov eax, dword ptr fs:[00000030h]		6_2_34E5A1E3
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5A1E3 mov eax, dword ptr fs:[00000030h]		6_2_34E5A1E3
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5A1E3 mov eax, dword ptr fs:[00000030h]		6_2_34E5A1E3
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7B1E0 mov eax, dword ptr fs:[00000030h]		6_2_34E7B1E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7B1E0 mov eax, dword ptr fs:[00000030h]		6_2_34E7B1E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7B1E0 mov eax, dword ptr fs:[00000030h]		6_2_34E7B1E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7B1E0 mov eax, dword ptr fs:[00000030h]		6_2_34E7B1E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7B1E0 mov eax, dword ptr fs:[00000030h]		6_2_34E7B1E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7B1E0 mov eax, dword ptr fs:[00000030h]		6_2_34E7B1E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7B1E0 mov eax, dword ptr fs:[00000030h]		6_2_34E7B1E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E481EB mov eax, dword ptr fs:[00000030h]		6_2_34E481EB
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E491F0 mov eax, dword ptr fs:[00000030h]		6_2_34E491F0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E491F0 mov eax, dword ptr fs:[00000030h]		6_2_34E491F0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E601F1 mov eax, dword ptr fs:[00000030h]		6_2_34E601F1
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E601F1 mov eax, dword ptr fs:[00000030h]		6_2_34E601F1
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E601F1 mov eax, dword ptr fs:[00000030h]		6_2_34E601F1
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7F1F0 mov eax, dword ptr fs:[00000030h]		6_2_34E7F1F0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7F1F0 mov eax, dword ptr fs:[00000030h]		6_2_34E7F1F0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F181EE mov eax, dword ptr fs:[00000030h]		6_2_34F181EE
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F181EE mov eax, dword ptr fs:[00000030h]		6_2_34F181EE
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E601C0 mov eax, dword ptr fs:[00000030h]		6_2_34E601C0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E601C0 mov eax, dword ptr fs:[00000030h]		6_2_34E601C0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E651C0 mov eax, dword ptr fs:[00000030h]		6_2_34E651C0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E651C0 mov eax, dword ptr fs:[00000030h]		6_2_34E651C0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E651C0 mov eax, dword ptr fs:[00000030h]		6_2_34E651C0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E651C0 mov eax, dword ptr fs:[00000030h]		6_2_34E651C0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F251B6 mov eax, dword ptr fs:[00000030h]		6_2_34F251B6
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8E1A4 mov eax, dword ptr fs:[00000030h]		6_2_34E8E1A4
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8E1A4 mov eax, dword ptr fs:[00000030h]		6_2_34E8E1A4
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E841BB mov ecx, dword ptr fs:[00000030h]		6_2_34E841BB
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E841BB mov eax, dword ptr fs:[00000030h]		6_2_34E841BB
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E841BB mov eax, dword ptr fs:[00000030h]		6_2_34E841BB
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E831BE mov eax, dword ptr fs:[00000030h]		6_2_34E831BE
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E831BE mov eax, dword ptr fs:[00000030h]		6_2_34E831BE
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E54180 mov eax, dword ptr fs:[00000030h]		6_2_34E54180
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E54180 mov eax, dword ptr fs:[00000030h]		6_2_34E54180
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E54180 mov eax, dword ptr fs:[00000030h]		6_2_34E54180
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E79194 mov eax, dword ptr fs:[00000030h]		6_2_34E79194
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E91190 mov eax, dword ptr fs:[00000030h]		6_2_34E91190
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E91190 mov eax, dword ptr fs:[00000030h]		6_2_34E91190
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8716D mov eax, dword ptr fs:[00000030h]		6_2_34E8716D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EA717A mov eax, dword ptr fs:[00000030h]		6_2_34EA717A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EA717A mov eax, dword ptr fs:[00000030h]		6_2_34EA717A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E56179 mov eax, dword ptr fs:[00000030h]		6_2_34E56179
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4A147 mov eax, dword ptr fs:[00000030h]		6_2_34E4A147
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4A147 mov eax, dword ptr fs:[00000030h]		6_2_34E4A147
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4A147 mov eax, dword ptr fs:[00000030h]		6_2_34E4A147
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EE314A mov eax, dword ptr fs:[00000030h]		6_2_34EE314A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EE314A mov eax, dword ptr fs:[00000030h]		6_2_34EE314A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EE314A mov eax, dword ptr fs:[00000030h]		6_2_34EE314A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EE314A mov eax, dword ptr fs:[00000030h]		6_2_34EE314A
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F23157 mov eax, dword ptr fs:[00000030h]		6_2_34F23157
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F23157 mov eax, dword ptr fs:[00000030h]		6_2_34F23157
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F23157 mov eax, dword ptr fs:[00000030h]		6_2_34F23157
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E8415F mov eax, dword ptr fs:[00000030h]		6_2_34E8415F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F25149 mov eax, dword ptr fs:[00000030h]		6_2_34F25149
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E87128 mov eax, dword ptr fs:[00000030h]		6_2_34E87128
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E87128 mov eax, dword ptr fs:[00000030h]		6_2_34E87128
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F0F13E mov eax, dword ptr fs:[00000030h]		6_2_34F0F13E
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34EDA130 mov eax, dword ptr fs:[00000030h]		6_2_34EDA130
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7510F mov eax, dword ptr fs:[00000030h]		6_2_34E7510F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7510F mov eax, dword ptr fs:[00000030h]		6_2_34E7510F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7510F mov eax, dword ptr fs:[00000030h]		6_2_34E7510F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7510F mov eax, dword ptr fs:[00000030h]		6_2_34E7510F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7510F mov eax, dword ptr fs:[00000030h]		6_2_34E7510F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7510F mov eax, dword ptr fs:[00000030h]		6_2_34E7510F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7510F mov eax, dword ptr fs:[00000030h]		6_2_34E7510F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7510F mov eax, dword ptr fs:[00000030h]		6_2_34E7510F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7510F mov eax, dword ptr fs:[00000030h]		6_2_34E7510F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7510F mov eax, dword ptr fs:[00000030h]		6_2_34E7510F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7510F mov eax, dword ptr fs:[00000030h]		6_2_34E7510F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7510F mov eax, dword ptr fs:[00000030h]		6_2_34E7510F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E7510F mov eax, dword ptr fs:[00000030h]		6_2_34E7510F
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5510D mov eax, dword ptr fs:[00000030h]		6_2_34E5510D
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E80118 mov eax, dword ptr fs:[00000030h]		6_2_34E80118
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4F113 mov eax, dword ptr fs:[00000030h]		6_2_34E4F113
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E472E0 mov eax, dword ptr fs:[00000030h]		6_2_34E472E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5A2E0 mov eax, dword ptr fs:[00000030h]		6_2_34E5A2E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5A2E0 mov eax, dword ptr fs:[00000030h]		6_2_34E5A2E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5A2E0 mov eax, dword ptr fs:[00000030h]		6_2_34E5A2E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5A2E0 mov eax, dword ptr fs:[00000030h]		6_2_34E5A2E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5A2E0 mov eax, dword ptr fs:[00000030h]		6_2_34E5A2E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E5A2E0 mov eax, dword ptr fs:[00000030h]		6_2_34E5A2E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E582E0 mov eax, dword ptr fs:[00000030h]		6_2_34E582E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E582E0 mov eax, dword ptr fs:[00000030h]		6_2_34E582E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E582E0 mov eax, dword ptr fs:[00000030h]		6_2_34E582E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E582E0 mov eax, dword ptr fs:[00000030h]		6_2_34E582E0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4D2EC mov eax, dword ptr fs:[00000030h]		6_2_34E4D2EC
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4D2EC mov eax, dword ptr fs:[00000030h]		6_2_34E4D2EC
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E602F9 mov eax, dword ptr fs:[00000030h]		6_2_34E602F9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E602F9 mov eax, dword ptr fs:[00000030h]		6_2_34E602F9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E602F9 mov eax, dword ptr fs:[00000030h]		6_2_34E602F9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E602F9 mov eax, dword ptr fs:[00000030h]		6_2_34E602F9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E602F9 mov eax, dword ptr fs:[00000030h]		6_2_34E602F9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E602F9 mov eax, dword ptr fs:[00000030h]		6_2_34E602F9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E602F9 mov eax, dword ptr fs:[00000030h]		6_2_34E602F9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E602F9 mov eax, dword ptr fs:[00000030h]		6_2_34E602F9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E732C5 mov eax, dword ptr fs:[00000030h]		6_2_34E732C5
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F232C9 mov eax, dword ptr fs:[00000030h]		6_2_34F232C9
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E742AF mov eax, dword ptr fs:[00000030h]		6_2_34E742AF
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E742AF mov eax, dword ptr fs:[00000030h]		6_2_34E742AF
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E492AF mov eax, dword ptr fs:[00000030h]		6_2_34E492AF
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F2B2BC mov eax, dword ptr fs:[00000030h]		6_2_34F2B2BC
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F2B2BC mov eax, dword ptr fs:[00000030h]		6_2_34F2B2BC
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F2B2BC mov eax, dword ptr fs:[00000030h]		6_2_34F2B2BC
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F2B2BC mov eax, dword ptr fs:[00000030h]		6_2_34F2B2BC
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34E4C2B0 mov ecx, dword ptr fs:[00000030h]		6_2_34E4C2B0
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Code function: 6_2_34F192AB mov eax, dword ptr fs:[00000030h]		6_2_34F192AB

Source: C:\Windows\SysWOW64\mstsc.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\SC.028UCCP.exe

Code function: 0_2_100015D0 Free,LdrInitializeThunk,VirtualFree,GlobalFree,

0_2_100015D0

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\explorer.exe	Network Connect: 165.160.15.20 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 206.233.207.174 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 142.250.185.211 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 183.181.96.18 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 192.187.111.221 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 13.248.157.32 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 198.185.159.144 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 217.26.48.101 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 188.114.97.3 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 81.17.29.147 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 34.102.136.180 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 142.250.186.51 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 169.60.232.139 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 104.21.39.114 80			Jump to behavior

Source: C:\Users\user\Desktop\SC.028UCCP.exe

Section unmapped: C:\Windows\SysWOW64\mstsc.exe base address: 870000

Jump to behavior

Source: C:\Users\user\Desktop\SC.028UCCP.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Section loaded: unknown target: C:\Windows\SysWOW64\mstsc.exe protection: execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\SC.028UCCP.exe	Section loaded: unknown target: C:\Windows\SysWOW64\mstsc.exe protection: execute and read and write			Jump to behavior
Source: C:\Windows\SysWOW64\mstsc.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write			Jump to behavior
Source: C:\Windows\SysWOW64\mstsc.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write			Jump to behavior

Source: C:\Users\user\Desktop\SC.028UCCP.exe

Thread APC queued: target process: C:\Windows\explorer.exe

Jump to behavior

Source: C:\Users\user\Desktop\SC.028UCCP.exe	Thread register set: target process: 4768			Jump to behavior
Source: C:\Windows\SysWOW64\mstsc.exe	Thread register set: target process: 4768			Jump to behavior

Source: C:\Users\user\Desktop\SC.028UCCP.exe	Process created: C:\Users\user\Desktop\SC.028UCCP.exe C:\Users\user\Desktop\SC.028UCCP.exe			Jump to behavior
Source: C:\Windows\SysWOW64\mstsc.exe	Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\SC.028UCCP.exe"			Jump to behavior

Source: explorer.exe, 00000007.00000000.2906971222.000000000D89D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.7451826798.0000000004D50000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: Shell_TrayWnd

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\SC.028UCCP.exe

Code function: 0_2_00405BBA GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

0_2_00405BBA

Stealing of Sensitive Information

Source: Yara match	File source: 00000008.00000002.7446412536.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.7445956463.0000000004910000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2969631128.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3048431353.0000000034AC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.7444154369.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match	File source: 00000008.00000002.7446412536.0000000004940000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.7445956463.0000000004910000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2969631128.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.3048431353.0000000034AC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.7444154369.0000000002C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY