Windows Analysis Report
SPA-198-2024.exe

Overview

General Information

Sample name: SPA-198-2024.exe
Analysis ID: 1544859
MD5: 018636d5cf9775c57e733e0f8f8de8a1
SHA1: ea30ceaf5fd685557e735c704953e367c11914cc
SHA256: 04dab42e8f694a3fac6b3ea2532462e89e9118c928545710a872d34874376a49
Tags: exe, user-threatcat_ch

Detection

FormBook
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: SPA-198-2024.exe ReversingLabs: Detection: 57%
Source: Yara match File source: 3.2.SPA-198-2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.SPA-198-2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2284492644.0000000001D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: SPA-198-2024.exe Joe Sandbox ML: detected
Source: SPA-198-2024.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SPA-198-2024.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: oybO.pdb source: SPA-198-2024.exe
Source: Binary string: wntdll.pdbUGP source: SPA-198-2024.exe, 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: SPA-198-2024.exe, SPA-198-2024.exe, 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: oybO.pdbSHA256s source: SPA-198-2024.exe
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 4x nop then jmp 027B4500h 0_2_027B3B4F
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 4x nop then jmp 027B4500h 0_2_027B3F00

E-Banking Fraud

Source: Yara match File source: 3.2.SPA-198-2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.SPA-198-2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2284492644.0000000001D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_0042C433 NtClose, 3_2_0042C433
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_0040A9E3 NtAllocateVirtualMemory, 3_2_0040A9E3
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB35C0 NtCreateMutant,LdrInitializeThunk, 3_2_01AB35C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2DF0 NtQuerySystemInformation,LdrInitializeThunk, 3_2_01AB2DF0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2C70 NtFreeVirtualMemory,LdrInitializeThunk, 3_2_01AB2C70
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB3090 NtSetValueKey, 3_2_01AB3090
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB3010 NtOpenDirectoryObject, 3_2_01AB3010
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB4340 NtSetContextThread, 3_2_01AB4340
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB4650 NtSuspendThread, 3_2_01AB4650
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB39B0 NtGetContextThread, 3_2_01AB39B0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2BA0 NtEnumerateValueKey, 3_2_01AB2BA0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2B80 NtQueryInformationFile, 3_2_01AB2B80
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2BE0 NtQueryValueKey, 3_2_01AB2BE0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2BF0 NtAllocateVirtualMemory, 3_2_01AB2BF0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2B60 NtClose, 3_2_01AB2B60
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2AB0 NtWaitForSingleObject, 3_2_01AB2AB0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2AF0 NtWriteFile, 3_2_01AB2AF0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2AD0 NtReadFile, 3_2_01AB2AD0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2DB0 NtEnumerateKey, 3_2_01AB2DB0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2DD0 NtDelayExecution, 3_2_01AB2DD0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2D30 NtUnmapViewOfSection, 3_2_01AB2D30
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2D00 NtSetInformationFile, 3_2_01AB2D00
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2D10 NtMapViewOfSection, 3_2_01AB2D10
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB3D10 NtOpenProcessToken, 3_2_01AB3D10
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB3D70 NtOpenThread, 3_2_01AB3D70
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2CA0 NtQueryInformationToken, 3_2_01AB2CA0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2CF0 NtOpenProcess, 3_2_01AB2CF0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2CC0 NtQueryVirtualMemory, 3_2_01AB2CC0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2C00 NtQueryInformationProcess, 3_2_01AB2C00
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2C60 NtCreateKey, 3_2_01AB2C60
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2FA0 NtQuerySection, 3_2_01AB2FA0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2FB0 NtResumeThread, 3_2_01AB2FB0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2F90 NtProtectVirtualMemory, 3_2_01AB2F90
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2FE0 NtCreateFile, 3_2_01AB2FE0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2F30 NtCreateSection, 3_2_01AB2F30
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2F60 NtCreateProcessEx, 3_2_01AB2F60
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2EA0 NtAdjustPrivilegesToken, 3_2_01AB2EA0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2E80 NtReadVirtualMemory, 3_2_01AB2E80
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2EE0 NtQueueApcThread, 3_2_01AB2EE0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB2E30 NtWriteVirtualMemory, 3_2_01AB2E30
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: String function: 01AEEA12 appears 86 times
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: String function: 01AB5130 appears 36 times
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: String function: 01A6B970 appears 268 times
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: String function: 01AFF290 appears 105 times
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: String function: 01AC7E54 appears 96 times
Source: SPA-198-2024.exe, 00000000.00000002.2181939617.000000000B2C0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs SPA-198-2024.exe
Source: SPA-198-2024.exe, 00000000.00000000.2139402540.000000000051C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameoybO.exe( vs SPA-198-2024.exe
Source: SPA-198-2024.exe, 00000000.00000002.2174558261.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SPA-198-2024.exe
Source: SPA-198-2024.exe, 00000003.00000002.2283692332.0000000001B6D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SPA-198-2024.exe
Source: SPA-198-2024.exe Binary or memory string: OriginalFilenameoybO.exe( vs SPA-198-2024.exe
Source: SPA-198-2024.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, mGaZqb0uhBVCNQDgWe.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SPA-198-2024.exe.44c1f48.1.raw.unpack, adeKN0qSDhwrLpRHG8.cs Security API names: _0020.SetAccessControl
Source: 0.2.SPA-198-2024.exe.44c1f48.1.raw.unpack, adeKN0qSDhwrLpRHG8.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SPA-198-2024.exe.44c1f48.1.raw.unpack, adeKN0qSDhwrLpRHG8.cs Security API names: _0020.AddAccessRule
Source: 0.2.SPA-198-2024.exe.443a128.0.raw.unpack, mGaZqb0uhBVCNQDgWe.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SPA-198-2024.exe.443a128.0.raw.unpack, adeKN0qSDhwrLpRHG8.cs Security API names: _0020.SetAccessControl
Source: 0.2.SPA-198-2024.exe.443a128.0.raw.unpack, adeKN0qSDhwrLpRHG8.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SPA-198-2024.exe.443a128.0.raw.unpack, adeKN0qSDhwrLpRHG8.cs Security API names: _0020.AddAccessRule
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, adeKN0qSDhwrLpRHG8.cs Security API names: _0020.SetAccessControl
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, adeKN0qSDhwrLpRHG8.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, adeKN0qSDhwrLpRHG8.cs Security API names: _0020.AddAccessRule
Source: 0.2.SPA-198-2024.exe.44c1f48.1.raw.unpack, mGaZqb0uhBVCNQDgWe.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: classification engine Classification label: mal80.troj.evad.winEXE@3/1@0/0
Source: C:\Users\user\Desktop\SPA-198-2024.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SPA-198-2024.exe.log
Source: C:\Users\user\Desktop\SPA-198-2024.exe Mutant created: NULL
Source: SPA-198-2024.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\SPA-198-2024.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\SPA-198-2024.exe "C:\Users\user\Desktop\SPA-198-2024.exe"
Source: C:\Users\user\Desktop\SPA-198-2024.exe Process created: C:\Users\user\Desktop\SPA-198-2024.exe "C:\Users\user\Desktop\SPA-198-2024.exe"
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\SPA-198-2024.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: C:\Users\user\Desktop\SPA-198-2024.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: SPA-198-2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SPA-198-2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Data Obfuscation

Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, adeKN0qSDhwrLpRHG8.cs .Net Code: bxV3LGxu8r System.Reflection.Assembly.Load(byte[])
Source: 0.2.SPA-198-2024.exe.443a128.0.raw.unpack, adeKN0qSDhwrLpRHG8.cs .Net Code: bxV3LGxu8r System.Reflection.Assembly.Load(byte[])
Source: 0.2.SPA-198-2024.exe.54b0000.3.raw.unpack, Uo.cs .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.SPA-198-2024.exe.44c1f48.1.raw.unpack, adeKN0qSDhwrLpRHG8.cs .Net Code: bxV3LGxu8r System.Reflection.Assembly.Load(byte[])
Source: 0.2.SPA-198-2024.exe.3990b90.2.raw.unpack, Uo.cs .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_00406155 push ss; retf 3_2_00406160
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_00403270 push eax; ret 3_2_00403272
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_0040227F pushad ; retf 3_2_00402280
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_0040BB30 push eax; ret 3_2_0040BB31
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_0041F3C9 push ss; retf 3_2_0041F3CB
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_00404DCD push ebx; iretd 3_2_00404DD8
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_004066BD push edx; iretd 3_2_004066BF
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_00413F7E pushad ; retf 3_2_00414025
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_00413FC5 pushad ; retf 3_2_00414025
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A709AD push ecx; mov dword ptr [esp], ecx 3_2_01A709B6
Source: SPA-198-2024.exe Static PE information: section name: .text entropy: 7.916051940850805
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, Re1omydSctGUoJBUTr.cs High entropy of concatenated method names: 'oF0XE0lTK4', 'tj6XGTQsiw', 'vZqXd84GrD', 'FR9XrYt50S', 'jDTXUiPuYc', 'hy5Xjvfhc8', 'm87XBWHgyQ', 'K7jXK2KJsE', 'Q1MX9dfj8u', 'GsKXe4kn97'
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, adeKN0qSDhwrLpRHG8.cs High entropy of concatenated method names: 'gM9PInwr4k', 'd78PDs4PdZ', 'DyiP6PO99i', 'NfTPFxu96L', 'WKVPfSmpi0', 'NgYPHo85sU', 'aXfP5FY6wY', 'hKgPqFa3HH', 'LsiP2SEwlL', 'E1YP1Nsr4H'
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, K70SETcjOUOWydl3Vi.cs High entropy of concatenated method names: 'uf0O1wl0mj', 'OKuOAR7L9V', 'ToString', 'lnZODRAqv8', 'aJ8O6GVhEm', 'KD8OFXTY3n', 'Vw5Of3GMmY', 'E8sOHLUK3g', 'xo3O5UiKT0', 'CjjOqBOHoi'
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, MyL9WQbPBN5pLHgCkbI.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'PsIWdueJsa', 'hSHWrBtsw1', 'y6iWMpEAV3', 'tHtWcWQWAE', 'r0aWRZZGbL', 'T3GWZHaG92', 'b7IWpQyIkb'
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, GP8oxI64VGuiEsQl3Q.cs High entropy of concatenated method names: 'Dispose', 'g35bNYmMlA', 'Tj1nUPXy45', 'HXOSSQxpXv', 'coKburSNuw', 'WFEbzVd4ZJ', 'ProcessDialogKey', 'UHqn4CPwtg', 'DcSnbPGQmo', 'wwLnnnGD1b'
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, Nqwn7Melarenpb2IX6.cs High entropy of concatenated method names: 'QvQ5DZTDRm', 'Bil5FtuEil', 'MpN5HYC8tC', 'MdEHuViEXf', 'e36HzYS93K', 'oIL54H2hQO', 'swN5b0wm7G', 'LNH5n4jYai', 'Nhb5P8tQ0k', 'Ak753u96QL'
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, IxP4DcxZUc3QqEdMfP.cs High entropy of concatenated method names: 'ApP5lLOQ3N', 'yGl5Qg44ly', 'FPy5LhdrMZ', 'bll5vT9Lns', 'GI45CYYYpd', 'Be95i9kKsI', 'iXW5TnhJGV', 'kI250GONrs', 'Tof5JAcgU0', 'xPf5yqsEnk'
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, kESCURzqi2SloBB49j.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'JHKao0jhNc', 'RfqaXvNrwK', 'l6Sahlu5tP', 'aEraOqWxbd', 'juUamoAZKT', 'hkPaammi7G', 'zKQaWMC4sf'
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, cGD1bju1VOVDr5g9UU.cs High entropy of concatenated method names: 'lfJab8LxR6', 'k1FaPns2II', 'Ihra3DwrJh', 'iIoaDPaskM', 'TLOa6GybSv', 'o5Jaf77di1', 'B8JaHOFEZ0', 'dZOmpJmFJi', 'pnSm7csINt', 'MramNe0jWA'
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, oKrSNu7w7FEVd4ZJRH.cs High entropy of concatenated method names: 'Vx1mDHcWjr', 'v5em6o5I3w', 'iFFmFIx85b', 'lDRmfe5hmH', 'vZamHrknPF', 'dRJm5drGxL', 'PZbmqq044j', 'a4Cm2knbie', 'Nd0m1RE0Wf', 'zosmAd87sS'
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, cTckQWytkSX4SW88bk.cs High entropy of concatenated method names: 'q9GfC9qvIO', 'soZfTTnSag', 'wP2FjXdapm', 'EHfFB2BDaq', 'mVLFK1tNC9', 'GV1F9kZX9n', 'AA0FeIUplk', 'gjwF8krIXt', 'WEpFxLPNwO', 'b37FEjYLMO'
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, t46aQgU4PkBHV7amt9.cs High entropy of concatenated method names: 'VaavotbZctiRlC12Z5q', 's5Xx9XbM2YNCF1wHGtP', 'lbZHmwgEOC', 'FJDHap79A0', 'U7QHWOunhM', 'vQYvETbP8dsKV46xesf', 'QHNMmkbLV0SKbCKSJon'
Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, V4xNdPZPVblcHfeyJp.cs High entropy of concatenated method names: 'z6oO7LiLhn', 'v3GOu0FJme', 'Jvnm4QLLeg', 'TjCmb5Uy4p', 'gaPOVOXXX6', 'DKpOGUwdQP', 'qfGOs237wJ', 'EHwOdrbEMb', 'jHNOrXaLWp', 'u0iOMuCuyI'
Source: C:\Users\user\Desktop\SPA-198-2024.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: Yara match File source: Process Memory Space: SPA-198-2024.exe PID: 6228, type: MEMORYSTR
Source: C:\Users\user\Desktop\SPA-198-2024.exe Memory allocated: EA0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SPA-198-2024.exe Memory allocated: 2970000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SPA-198-2024.exe Memory allocated: 27A0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SPA-198-2024.exe Memory allocated: 88F0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SPA-198-2024.exe Memory allocated: 6DF0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SPA-198-2024.exe Memory allocated: 98F0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SPA-198-2024.exe Memory allocated: A8F0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SPA-198-2024.exe Memory allocated: B350000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SPA-198-2024.exe Memory allocated: C350000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AED1C0 rdtsc 3_2_01AED1C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\SPA-198-2024.exe API coverage: 0.7 %
Source: C:\Users\user\Desktop\SPA-198-2024.exe TID: 5768 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\SPA-198-2024.exe TID: 5140 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\SPA-198-2024.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\SPA-198-2024.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_00417563 LdrLoadDll, 3_2_00417563
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B211A4 mov eax, dword ptr fs:[00000030h] 3_2_01B211A4
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h] 3_2_01A870C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h] 3_2_01A870C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h] 3_2_01A870C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h] 3_2_01A870C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B450D9 mov eax, dword ptr fs:[00000030h] 3_2_01B450D9
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AED0C0 mov eax, dword ptr fs:[00000030h] 3_2_01AED0C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AED0C0 mov eax, dword ptr fs:[00000030h] 3_2_01AED0C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF20DE mov eax, dword ptr fs:[00000030h] 3_2_01AF20DE
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A990DB mov eax, dword ptr fs:[00000030h] 3_2_01A990DB
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A6A020 mov eax, dword ptr fs:[00000030h] 3_2_01A6A020
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A6C020 mov eax, dword ptr fs:[00000030h] 3_2_01A6C020
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B3903E mov eax, dword ptr fs:[00000030h] 3_2_01B3903E
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B3903E mov eax, dword ptr fs:[00000030h] 3_2_01B3903E
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B3903E mov eax, dword ptr fs:[00000030h] 3_2_01B3903E
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B3903E mov eax, dword ptr fs:[00000030h] 3_2_01B3903E
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF4000 mov ecx, dword ptr fs:[00000030h] 3_2_01AF4000
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A8E016 mov eax, dword ptr fs:[00000030h] 3_2_01A8E016
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A8E016 mov eax, dword ptr fs:[00000030h] 3_2_01A8E016
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A8E016 mov eax, dword ptr fs:[00000030h] 3_2_01A8E016
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A8E016 mov eax, dword ptr fs:[00000030h] 3_2_01A8E016
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF106E mov eax, dword ptr fs:[00000030h] 3_2_01AF106E
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B45060 mov eax, dword ptr fs:[00000030h] 3_2_01B45060
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h] 3_2_01A81070
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A81070 mov ecx, dword ptr fs:[00000030h] 3_2_01A81070
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h] 3_2_01A81070
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h] 3_2_01A81070
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h] 3_2_01A81070
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h] 3_2_01A81070
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h] 3_2_01A81070
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h] 3_2_01A81070
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h] 3_2_01A81070
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h] 3_2_01A81070
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h] 3_2_01A81070
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h] 3_2_01A81070
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h] 3_2_01A81070
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A9C073 mov eax, dword ptr fs:[00000030h] 3_2_01A9C073
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AED070 mov ecx, dword ptr fs:[00000030h] 3_2_01AED070
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B1705E mov ebx, dword ptr fs:[00000030h] 3_2_01B1705E
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B1705E mov eax, dword ptr fs:[00000030h] 3_2_01B1705E
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A72050 mov eax, dword ptr fs:[00000030h] 3_2_01A72050
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A9B052 mov eax, dword ptr fs:[00000030h] 3_2_01A9B052
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF6050 mov eax, dword ptr fs:[00000030h] 3_2_01AF6050
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AA33A0 mov eax, dword ptr fs:[00000030h] 3_2_01AA33A0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AA33A0 mov eax, dword ptr fs:[00000030h] 3_2_01AA33A0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A933A5 mov eax, dword ptr fs:[00000030h] 3_2_01A933A5
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A9438F mov eax, dword ptr fs:[00000030h] 3_2_01A9438F
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A9438F mov eax, dword ptr fs:[00000030h] 3_2_01A9438F
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B4539D mov eax, dword ptr fs:[00000030h] 3_2_01B4539D
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A6E388 mov eax, dword ptr fs:[00000030h] 3_2_01A6E388
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A6E388 mov eax, dword ptr fs:[00000030h] 3_2_01A6E388
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A6E388 mov eax, dword ptr fs:[00000030h] 3_2_01A6E388
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A68397 mov eax, dword ptr fs:[00000030h] 3_2_01A68397
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A68397 mov eax, dword ptr fs:[00000030h] 3_2_01A68397
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A68397 mov eax, dword ptr fs:[00000030h] 3_2_01A68397
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AC739A mov eax, dword ptr fs:[00000030h] 3_2_01AC739A
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AC739A mov eax, dword ptr fs:[00000030h] 3_2_01AC739A
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h] 3_2_01A803E9
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h] 3_2_01A803E9
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h] 3_2_01A803E9
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h] 3_2_01A803E9
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h] 3_2_01A803E9
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h] 3_2_01A803E9
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h] 3_2_01A803E9
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h] 3_2_01A803E9
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B453FC mov eax, dword ptr fs:[00000030h] 3_2_01B453FC
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B2F3E6 mov eax, dword ptr fs:[00000030h] 3_2_01B2F3E6
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AA63FF mov eax, dword ptr fs:[00000030h] 3_2_01AA63FF
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A8E3F0 mov eax, dword ptr fs:[00000030h] 3_2_01A8E3F0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A8E3F0 mov eax, dword ptr fs:[00000030h] 3_2_01A8E3F0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A8E3F0 mov eax, dword ptr fs:[00000030h] 3_2_01A8E3F0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B2B3D0 mov ecx, dword ptr fs:[00000030h] 3_2_01B2B3D0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A7A3C0 mov eax, dword ptr fs:[00000030h] 3_2_01A7A3C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A7A3C0 mov eax, dword ptr fs:[00000030h] 3_2_01A7A3C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A7A3C0 mov eax, dword ptr fs:[00000030h] 3_2_01A7A3C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A7A3C0 mov eax, dword ptr fs:[00000030h] 3_2_01A7A3C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A7A3C0 mov eax, dword ptr fs:[00000030h] 3_2_01A7A3C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A7A3C0 mov eax, dword ptr fs:[00000030h] 3_2_01A7A3C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A783C0 mov eax, dword ptr fs:[00000030h] 3_2_01A783C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A783C0 mov eax, dword ptr fs:[00000030h] 3_2_01A783C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A783C0 mov eax, dword ptr fs:[00000030h] 3_2_01A783C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A783C0 mov eax, dword ptr fs:[00000030h] 3_2_01A783C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF63C0 mov eax, dword ptr fs:[00000030h] 3_2_01AF63C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B2C3CD mov eax, dword ptr fs:[00000030h] 3_2_01B2C3CD
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A9F32A mov eax, dword ptr fs:[00000030h] 3_2_01A9F32A
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A67330 mov eax, dword ptr fs:[00000030h] 3_2_01A67330
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B3132D mov eax, dword ptr fs:[00000030h] 3_2_01B3132D
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B3132D mov eax, dword ptr fs:[00000030h] 3_2_01B3132D
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AAA30B mov eax, dword ptr fs:[00000030h] 3_2_01AAA30B
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AAA30B mov eax, dword ptr fs:[00000030h] 3_2_01AAA30B
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AAA30B mov eax, dword ptr fs:[00000030h] 3_2_01AAA30B
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF930B mov eax, dword ptr fs:[00000030h] 3_2_01AF930B
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF930B mov eax, dword ptr fs:[00000030h] 3_2_01AF930B
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF930B mov eax, dword ptr fs:[00000030h] 3_2_01AF930B
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A6C310 mov ecx, dword ptr fs:[00000030h] 3_2_01A6C310
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A90310 mov ecx, dword ptr fs:[00000030h] 3_2_01A90310
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B1437C mov eax, dword ptr fs:[00000030h] 3_2_01B1437C
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B2F367 mov eax, dword ptr fs:[00000030h] 3_2_01B2F367
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A77370 mov eax, dword ptr fs:[00000030h] 3_2_01A77370
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A77370 mov eax, dword ptr fs:[00000030h] 3_2_01A77370
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A77370 mov eax, dword ptr fs:[00000030h] 3_2_01A77370
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B3A352 mov eax, dword ptr fs:[00000030h] 3_2_01B3A352
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h] 3_2_01AF2349
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h] 3_2_01AF2349
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h] 3_2_01AF2349
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h] 3_2_01AF2349
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h] 3_2_01AF2349
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h] 3_2_01AF2349
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h] 3_2_01AF2349
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h] 3_2_01AF2349
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h] 3_2_01AF2349
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h] 3_2_01AF2349
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h] 3_2_01AF2349
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h] 3_2_01AF2349
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h] 3_2_01AF2349
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h] 3_2_01AF2349
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h] 3_2_01AF2349
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A6D34C mov eax, dword ptr fs:[00000030h] 3_2_01A6D34C
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A6D34C mov eax, dword ptr fs:[00000030h] 3_2_01A6D34C
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF035C mov eax, dword ptr fs:[00000030h] 3_2_01AF035C
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF035C mov eax, dword ptr fs:[00000030h] 3_2_01AF035C
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF035C mov eax, dword ptr fs:[00000030h] 3_2_01AF035C
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF035C mov ecx, dword ptr fs:[00000030h] 3_2_01AF035C
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF035C mov eax, dword ptr fs:[00000030h] 3_2_01AF035C
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF035C mov eax, dword ptr fs:[00000030h] 3_2_01AF035C
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B45341 mov eax, dword ptr fs:[00000030h] 3_2_01B45341
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A69353 mov eax, dword ptr fs:[00000030h] 3_2_01A69353
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A69353 mov eax, dword ptr fs:[00000030h] 3_2_01A69353
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A852A0 mov eax, dword ptr fs:[00000030h] 3_2_01A852A0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A852A0 mov eax, dword ptr fs:[00000030h] 3_2_01A852A0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A852A0 mov eax, dword ptr fs:[00000030h] 3_2_01A852A0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A852A0 mov eax, dword ptr fs:[00000030h] 3_2_01A852A0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B072A0 mov eax, dword ptr fs:[00000030h] 3_2_01B072A0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B072A0 mov eax, dword ptr fs:[00000030h] 3_2_01B072A0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B062A0 mov eax, dword ptr fs:[00000030h] 3_2_01B062A0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B062A0 mov ecx, dword ptr fs:[00000030h] 3_2_01B062A0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B062A0 mov eax, dword ptr fs:[00000030h] 3_2_01B062A0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B062A0 mov eax, dword ptr fs:[00000030h] 3_2_01B062A0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B062A0 mov eax, dword ptr fs:[00000030h] 3_2_01B062A0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B062A0 mov eax, dword ptr fs:[00000030h] 3_2_01B062A0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF92BC mov eax, dword ptr fs:[00000030h] 3_2_01AF92BC
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF92BC mov eax, dword ptr fs:[00000030h] 3_2_01AF92BC
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF92BC mov ecx, dword ptr fs:[00000030h] 3_2_01AF92BC
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF92BC mov ecx, dword ptr fs:[00000030h] 3_2_01AF92BC
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B392A6 mov eax, dword ptr fs:[00000030h] 3_2_01B392A6
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B392A6 mov eax, dword ptr fs:[00000030h] 3_2_01B392A6
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B392A6 mov eax, dword ptr fs:[00000030h] 3_2_01B392A6
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B392A6 mov eax, dword ptr fs:[00000030h] 3_2_01B392A6
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF0283 mov eax, dword ptr fs:[00000030h] 3_2_01AF0283
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF0283 mov eax, dword ptr fs:[00000030h] 3_2_01AF0283
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF0283 mov eax, dword ptr fs:[00000030h] 3_2_01AF0283
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AAE284 mov eax, dword ptr fs:[00000030h] 3_2_01AAE284
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AAE284 mov eax, dword ptr fs:[00000030h] 3_2_01AAE284
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AA329E mov eax, dword ptr fs:[00000030h] 3_2_01AA329E
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AA329E mov eax, dword ptr fs:[00000030h] 3_2_01AA329E
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B45283 mov eax, dword ptr fs:[00000030h] 3_2_01B45283
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A802E1 mov eax, dword ptr fs:[00000030h] 3_2_01A802E1
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A802E1 mov eax, dword ptr fs:[00000030h] 3_2_01A802E1
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A802E1 mov eax, dword ptr fs:[00000030h] 3_2_01A802E1
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B2F2F8 mov eax, dword ptr fs:[00000030h] 3_2_01B2F2F8
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B452E2 mov eax, dword ptr fs:[00000030h] 3_2_01B452E2
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A692FF mov eax, dword ptr fs:[00000030h] 3_2_01A692FF
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h] 3_2_01B212ED
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h] 3_2_01B212ED
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h] 3_2_01B212ED
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h] 3_2_01B212ED
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h] 3_2_01B212ED
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h] 3_2_01B212ED
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h] 3_2_01B212ED
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h] 3_2_01B212ED
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h] 3_2_01B212ED
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h] 3_2_01B212ED
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h] 3_2_01B212ED
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h] 3_2_01B212ED
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h] 3_2_01B212ED
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h] 3_2_01B212ED
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A792C5 mov eax, dword ptr fs:[00000030h] 3_2_01A792C5
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A792C5 mov eax, dword ptr fs:[00000030h] 3_2_01A792C5
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A7A2C3 mov eax, dword ptr fs:[00000030h] 3_2_01A7A2C3
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A7A2C3 mov eax, dword ptr fs:[00000030h] 3_2_01A7A2C3
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A7A2C3 mov eax, dword ptr fs:[00000030h] 3_2_01A7A2C3
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A7A2C3 mov eax, dword ptr fs:[00000030h] 3_2_01A7A2C3
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A7A2C3 mov eax, dword ptr fs:[00000030h] 3_2_01A7A2C3
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A9B2C0 mov eax, dword ptr fs:[00000030h] 3_2_01A9B2C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A9B2C0 mov eax, dword ptr fs:[00000030h] 3_2_01A9B2C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A9B2C0 mov eax, dword ptr fs:[00000030h] 3_2_01A9B2C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A9B2C0 mov eax, dword ptr fs:[00000030h] 3_2_01A9B2C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A9B2C0 mov eax, dword ptr fs:[00000030h] 3_2_01A9B2C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A9B2C0 mov eax, dword ptr fs:[00000030h] 3_2_01A9B2C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A9B2C0 mov eax, dword ptr fs:[00000030h] 3_2_01A9B2C0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A6B2D3 mov eax, dword ptr fs:[00000030h] 3_2_01A6B2D3
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A6B2D3 mov eax, dword ptr fs:[00000030h] 3_2_01A6B2D3
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A6B2D3 mov eax, dword ptr fs:[00000030h] 3_2_01A6B2D3
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A9F2D0 mov eax, dword ptr fs:[00000030h] 3_2_01A9F2D0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A9F2D0 mov eax, dword ptr fs:[00000030h] 3_2_01A9F2D0
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B45227 mov eax, dword ptr fs:[00000030h] 3_2_01B45227
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A6823B mov eax, dword ptr fs:[00000030h] 3_2_01A6823B
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AA7208 mov eax, dword ptr fs:[00000030h] 3_2_01AA7208
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AA7208 mov eax, dword ptr fs:[00000030h] 3_2_01AA7208
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B20274 mov eax, dword ptr fs:[00000030h] 3_2_01B20274
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B20274 mov eax, dword ptr fs:[00000030h] 3_2_01B20274
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B20274 mov eax, dword ptr fs:[00000030h] 3_2_01B20274
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B20274 mov eax, dword ptr fs:[00000030h] 3_2_01B20274
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B20274 mov eax, dword ptr fs:[00000030h] 3_2_01B20274
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B20274 mov eax, dword ptr fs:[00000030h] 3_2_01B20274
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B20274 mov eax, dword ptr fs:[00000030h] 3_2_01B20274
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B20274 mov eax, dword ptr fs:[00000030h] 3_2_01B20274
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B20274 mov eax, dword ptr fs:[00000030h] 3_2_01B20274
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B20274 mov eax, dword ptr fs:[00000030h] 3_2_01B20274
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B20274 mov eax, dword ptr fs:[00000030h] 3_2_01B20274
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B20274 mov eax, dword ptr fs:[00000030h] 3_2_01B20274
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A74260 mov eax, dword ptr fs:[00000030h] 3_2_01A74260
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A74260 mov eax, dword ptr fs:[00000030h] 3_2_01A74260
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A74260 mov eax, dword ptr fs:[00000030h] 3_2_01A74260
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A6826B mov eax, dword ptr fs:[00000030h] 3_2_01A6826B
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B3D26B mov eax, dword ptr fs:[00000030h] 3_2_01B3D26B
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B3D26B mov eax, dword ptr fs:[00000030h] 3_2_01B3D26B
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB1270 mov eax, dword ptr fs:[00000030h] 3_2_01AB1270
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AB1270 mov eax, dword ptr fs:[00000030h] 3_2_01AB1270
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A99274 mov eax, dword ptr fs:[00000030h] 3_2_01A99274
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B2B256 mov eax, dword ptr fs:[00000030h] 3_2_01B2B256
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01B2B256 mov eax, dword ptr fs:[00000030h] 3_2_01B2B256
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A69240 mov eax, dword ptr fs:[00000030h] 3_2_01A69240
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A69240 mov eax, dword ptr fs:[00000030h] 3_2_01A69240
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AA724D mov eax, dword ptr fs:[00000030h] 3_2_01AA724D
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF8243 mov eax, dword ptr fs:[00000030h] 3_2_01AF8243
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AF8243 mov ecx, dword ptr fs:[00000030h] 3_2_01AF8243
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A6A250 mov eax, dword ptr fs:[00000030h] 3_2_01A6A250
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01A76259 mov eax, dword ptr fs:[00000030h] 3_2_01A76259
Source: C:\Users\user\Desktop\SPA-198-2024.exe Code function: 3_2_01AFD250 mov ecx, dword ptr fs:[00000030h] 3_2_01AFD250
Source: C:\Users\user\Desktop\SPA-198-2024.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\SPA-198-2024.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\SPA-198-2024.exe Memory written: C:\Users\user\Desktop\SPA-198-2024.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\SPA-198-2024.exe Process created: C:\Users\user\Desktop\SPA-198-2024.exe "C:\Users\user\Desktop\SPA-198-2024.exe"
Source: C:\Users\user\Desktop\SPA-198-2024.exe Queries volume information: C:\Users\user\Desktop\SPA-198-2024.exe VolumeInformation
Source: C:\Users\user\Desktop\SPA-198-2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\SPA-198-2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\SPA-198-2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\SPA-198-2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\SPA-198-2024.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\SPA-198-2024.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: 3.2.SPA-198-2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.SPA-198-2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2284492644.0000000001D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Source: Yara match File source: 3.2.SPA-198-2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.SPA-198-2024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2284492644.0000000001D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
No contacted IP infos