Windows Analysis Report
NjjLYnPSZr.exe

Overview

General Information

Sample name: NjjLYnPSZr.exe
renamed because original name is a hash value
Original sample name: 2fc1d7f69545d2931aa3f9ce5f9cb5e038027f20200e9b416befea7465413f32.exe
Analysis ID: 1530786
MD5: 8a6aa375bc5ca6ea45711462189103cb
SHA1: dfd00591e07f55a69cb29ffdba5af54bd1a4e3ea
SHA256: 2fc1d7f69545d2931aa3f9ce5f9cb5e038027f20200e9b416befea7465413f32
Tags: exe, user-adrian__luca

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

AV Detection

Source: NjjLYnPSZr.exe Avira: detected
Source: NjjLYnPSZr.exe ReversingLabs: Detection: 60%
Source: Yara match File source: 0.2.NjjLYnPSZr.exe.df0000.0.unpack, type: UNPACKEDPE
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: NjjLYnPSZr.exe Joe Sandbox ML: detected
Source: NjjLYnPSZr.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: NjjLYnPSZr.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: compact.pdbGCTL source: NjjLYnPSZr.exe, 00000000.00000003.1970894978.000000000091D000.00000004.00000020.00020000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000002.3604055024.0000000001108000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: XFLTednCZUTqje.exe, 00000002.00000000.1894942549.0000000000B6E000.00000002.00000001.01000000.00000005.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3603415797.0000000000B6E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: wntdll.pdbUGP source: NjjLYnPSZr.exe, 00000000.00000002.1971204229.000000000118E000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1879483342.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1881085129.0000000000E40000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000002.3604665421.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1972841113.0000000003633000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1971132275.0000000003487000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000002.3604665421.000000000397E000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: NjjLYnPSZr.exe, NjjLYnPSZr.exe, 00000000.00000002.1971204229.000000000118E000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1879483342.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1881085129.0000000000E40000.00000004.00000020.00020000.00000000.sdmp, compact.exe, compact.exe, 00000005.00000002.3604665421.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1972841113.0000000003633000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1971132275.0000000003487000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000002.3604665421.000000000397E000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: compact.pdb source: NjjLYnPSZr.exe, 00000000.00000003.1970894978.000000000091D000.00000004.00000020.00020000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000002.3604055024.0000000001108000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_030FC340 FindFirstFileW,FindNextFileW,FindClose, 5_2_030FC340
Source: C:\Windows\SysWOW64\compact.exe Code function: 4x nop then xor eax, eax 5_2_030E9B10

Networking

Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49738 -> 34.120.137.41:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49736 -> 3.33.130.190:80
Source: DNS query: www.beescy.xyz
Source: Joe Sandbox View IP Address: 162.0.213.72
Source: Joe Sandbox View IP Address: 84.32.84.32
Source: Joe Sandbox View ASN Name: O2SWITCHFR
Source: Joe Sandbox View ASN Name: ACPCA
Source: Joe Sandbox View ASN Name: CNSERVERSUS
Source: Joe Sandbox View ASN Name: FTG-AS-APForewinTelecomGroupLimitedISPatHK
Source: unknown TCP traffic detected without corresponding DNS query: 118.99.50.8
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /dcai/?Sh=JzKwzxEjjJDs1ynMHer+TNevqF7oFKk+RBNCM6w6NpGOWZMZrcBh0esk0Vp2cdNARH8NLeIYDalhXOdQ0Ma7tvgTEF7hsrDYV+tcKJvJSVI5izhoL98hwXM=&f6SpQ=_n84nZ4HGta HTTP/1.1Host: www.sacidasorte.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Source: global traffic DNS traffic detected: DNS query: www.sacidasorte.com
Source: global traffic DNS traffic detected: DNS query: www.yosoyemy.com
Source: global traffic DNS traffic detected: DNS query: www.go2super.app
Source: global traffic DNS traffic detected: DNS query: www.corverd.store
Source: global traffic DNS traffic detected: DNS query: www.66hc7.com
Source: global traffic DNS traffic detected: DNS query: www.beescy.xyz
Source: global traffic DNS traffic detected: DNS query: www.personalcaresale.shop
Source: global traffic DNS traffic detected: DNS query: www.ainude2.cloud
Source: global traffic DNS traffic detected: DNS query: www.yourtech-agency.com
Source: global traffic DNS traffic detected: DNS query: www.mybodyradar.net
Source: global traffic DNS traffic detected: DNS query: www.zt555.shop
Source: global traffic DNS traffic detected: DNS query: www.tigun.top
Source: unknown HTTP traffic detected: POST /o1rp/ HTTP/1.1 Host: www.yosoyemy.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Origin: http://www.yosoyemy.com Cache-Control: max-age=0 Content-Length: 199 Content-Type: application/x-www-form-urlencoded Connection: close Referer: http://www.yosoyemy.com/o1rp/ User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 10 Oct 2024 12:46:49 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3nzp/ was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 10 Oct 2024 12:47:17 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 16026 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:47:19 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 16026X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:47:22 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 16026X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:47:24 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 16026X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html; charset=utf-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:47:30 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Powered-By: PHP/7.4.33cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SrkouYgbFSvjyNm4ghpwvDtClIQMVGiqnIP4Ibf3zogZf0fJFZ6Ld8ghu4yZ4HZMDw7An2%2BeK7Lal2ZIyGQCHGbj%2BFN2QZZTeYrZTgE4SYTlc8MLLHkxc4dDV6wYHd%2FnIoQgJn%2B7fvYmdjhe"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d06b827aa7242c0-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:47:33 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Powered-By: PHP/7.4.33cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tzRCHBFuAmixsbqmUDwArSs9qCY9i27FUN5LkJCPXcbvdLi6uMcMxY465hNXOHzZ3IE33BZ0IGk%2Bo2DutnibkEMi9AH7CBnlMGEzjIycRy%2ByGlg3Idlxk81jluvlAmfGpLrhf%2FiIhZBLYlXm"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d06b8376dc98c87-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:47:35 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Powered-By: PHP/7.4.33cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7qZmIIrcoC1kQovUaKDpvVpJ80SSS%2BCaKD%2FPzBTnCYwOzSTKNBPcSRoH0rxxllNFJiWNu6aAhg6hUW8QvzY1Rz5lEE1NfCqYSgd0FEmRaAXwK3Ag%2B%2BrJIe%2BdAM3A8XN4xkvNcQmArX4iXbOw"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d06b8478dce443e-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Oct 2024 12:47:38 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Powered-By: PHP/7.4.33cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I11BaVq1cCi1YXatJQfQr7AG4OXMehuzA5%2FBg2jQUM9QF5ePyWS9KogFmbsKF7Vog4OJSf%2FNnCOVfEFE7e9ei%2BpHfYDWiThrGArL4iJ5rY%2Faul4GD87aYAVvIVZrZY%2FU2Q1zppDWQAzxpDar"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Speculation-Rules: "/cdn-cgi/speculation"Server: cloudflareCF-RAY: 8d06b8573cc37d18-EWRalt-svc: h3=":443"; ma=86400Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 10 Oct 2024 12:48:25 GMTContent-Type: text/htmlContent-Length: 548Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 10 Oct 2024 12:48:27 GMTContent-Type: text/htmlContent-Length: 548Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 10 Oct 2024 12:48:30 GMTContent-Type: text/htmlContent-Length: 548Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 10 Oct 2024 12:48:33 GMTContent-Type: text/htmlContent-Length: 548Connection: close
Source: compact.exe, 00000005.00000002.3605554811.000000000483C000.00000004.10000000.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3604847217.0000000003AFC000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://goge8opp.com:301
Source: compact.exe, 00000005.00000002.3605554811.0000000004386000.00000004.10000000.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3604847217.0000000003646000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.yosoyemy.com/o1rp?Sh=TBsR9lfn
Source: XFLTednCZUTqje.exe, 00000006.00000002.3606411027.0000000005578000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.zt555.shop
Source: XFLTednCZUTqje.exe, 00000006.00000002.3606411027.0000000005578000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.zt555.shop/uj7x/
Source: compact.exe, 00000005.00000002.3605554811.0000000004E84000.00000004.10000000.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3604847217.0000000004144000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://yourtech-agency.com/99um/?f6SpQ=_n84nZ4HGta&Sh=sejrBqbnhxLzIpZobXocfoJh7
Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: compact.exe, 00000005.00000002.3605554811.00000000049CE000.00000004.10000000.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3604847217.0000000003C8E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/gsap/3.1.1/gsap.min.js
Source: compact.exe, 00000005.00000002.3605554811.00000000049CE000.00000004.10000000.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3604847217.0000000003C8E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
Source: compact.exe, 00000005.00000002.3605554811.00000000049CE000.00000004.10000000.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3604847217.0000000003C8E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css
Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: compact.exe, 00000005.00000002.3603499562.0000000003274000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: compact.exe, 00000005.00000002.3603499562.0000000003274000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: compact.exe, 00000005.00000002.3603499562.0000000003274000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: compact.exe, 00000005.00000002.3603499562.0000000003274000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: compact.exe, 00000005.00000002.3603499562.0000000003274000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: compact.exe, 00000005.00000003.2149956057.0000000008024000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: compact.exe, 00000005.00000003.2159904469.000000000330C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

E-Banking Fraud

Source: Yara match File source: 0.2.NjjLYnPSZr.exe.df0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000005.00000002.3604353824.00000000035A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.3606411027.0000000005500000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.3604571155.0000000003490000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.3604458798.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1971118603.0000000000D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1971533263.0000000001E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.3603288385.00000000030E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Source: 0.2.NjjLYnPSZr.exe.df0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.3604353824.00000000035A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.3606411027.0000000005500000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.3604571155.0000000003490000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.3604458798.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1971118603.0000000000D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.1971533263.0000000001E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.3603288385.00000000030E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00E1C4A3 NtClose, 0_2_00E1C4A3
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062B60 NtClose,LdrInitializeThunk, 0_2_01062B60
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062DF0 NtQuerySystemInformation,LdrInitializeThunk, 0_2_01062DF0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062C70 NtFreeVirtualMemory,LdrInitializeThunk, 0_2_01062C70
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010635C0 NtCreateMutant,LdrInitializeThunk, 0_2_010635C0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01064340 NtSetContextThread, 0_2_01064340
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01064650 NtSuspendThread, 0_2_01064650
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062B80 NtQueryInformationFile, 0_2_01062B80
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062BA0 NtEnumerateValueKey, 0_2_01062BA0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062BE0 NtQueryValueKey, 0_2_01062BE0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062BF0 NtAllocateVirtualMemory, 0_2_01062BF0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062AB0 NtWaitForSingleObject, 0_2_01062AB0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062AD0 NtReadFile, 0_2_01062AD0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062AF0 NtWriteFile, 0_2_01062AF0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062D00 NtSetInformationFile, 0_2_01062D00
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062D10 NtMapViewOfSection, 0_2_01062D10
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062D30 NtUnmapViewOfSection, 0_2_01062D30
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062DB0 NtEnumerateKey, 0_2_01062DB0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062DD0 NtDelayExecution, 0_2_01062DD0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062C00 NtQueryInformationProcess, 0_2_01062C00
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062C60 NtCreateKey, 0_2_01062C60
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062CA0 NtQueryInformationToken, 0_2_01062CA0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062CC0 NtQueryVirtualMemory, 0_2_01062CC0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062CF0 NtOpenProcess, 0_2_01062CF0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062F30 NtCreateSection, 0_2_01062F30
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062F60 NtCreateProcessEx, 0_2_01062F60
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062F90 NtProtectVirtualMemory, 0_2_01062F90
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062FA0 NtQuerySection, 0_2_01062FA0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062FB0 NtResumeThread, 0_2_01062FB0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062FE0 NtCreateFile, 0_2_01062FE0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062E30 NtWriteVirtualMemory, 0_2_01062E30
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062E80 NtReadVirtualMemory, 0_2_01062E80
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062EA0 NtAdjustPrivilegesToken, 0_2_01062EA0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062EE0 NtQueueApcThread, 0_2_01062EE0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01063010 NtOpenDirectoryObject, 0_2_01063010
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01063090 NtSetValueKey, 0_2_01063090
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010639B0 NtGetContextThread, 0_2_010639B0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01063D10 NtOpenProcessToken, 0_2_01063D10
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01063D70 NtOpenThread, 0_2_01063D70
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03854340 NtSetContextThread,LdrInitializeThunk, 5_2_03854340
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03854650 NtSuspendThread,LdrInitializeThunk, 5_2_03854650
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852BA0 NtEnumerateValueKey,LdrInitializeThunk, 5_2_03852BA0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852BE0 NtQueryValueKey,LdrInitializeThunk, 5_2_03852BE0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852BF0 NtAllocateVirtualMemory,LdrInitializeThunk, 5_2_03852BF0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852B60 NtClose,LdrInitializeThunk, 5_2_03852B60
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852AD0 NtReadFile,LdrInitializeThunk, 5_2_03852AD0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852AF0 NtWriteFile,LdrInitializeThunk, 5_2_03852AF0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852FB0 NtResumeThread,LdrInitializeThunk, 5_2_03852FB0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852FE0 NtCreateFile,LdrInitializeThunk, 5_2_03852FE0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852F30 NtCreateSection,LdrInitializeThunk, 5_2_03852F30
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852E80 NtReadVirtualMemory,LdrInitializeThunk, 5_2_03852E80
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852EE0 NtQueueApcThread,LdrInitializeThunk, 5_2_03852EE0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852DD0 NtDelayExecution,LdrInitializeThunk, 5_2_03852DD0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852DF0 NtQuerySystemInformation,LdrInitializeThunk, 5_2_03852DF0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852D10 NtMapViewOfSection,LdrInitializeThunk, 5_2_03852D10
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852D30 NtUnmapViewOfSection,LdrInitializeThunk, 5_2_03852D30
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852CA0 NtQueryInformationToken,LdrInitializeThunk, 5_2_03852CA0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852C60 NtCreateKey,LdrInitializeThunk, 5_2_03852C60
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852C70 NtFreeVirtualMemory,LdrInitializeThunk, 5_2_03852C70
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_038535C0 NtCreateMutant,LdrInitializeThunk, 5_2_038535C0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_038539B0 NtGetContextThread,LdrInitializeThunk, 5_2_038539B0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852B80 NtQueryInformationFile, 5_2_03852B80
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852AB0 NtWaitForSingleObject, 5_2_03852AB0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852F90 NtProtectVirtualMemory, 5_2_03852F90
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852FA0 NtQuerySection, 5_2_03852FA0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852F60 NtCreateProcessEx, 5_2_03852F60
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852EA0 NtAdjustPrivilegesToken, 5_2_03852EA0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852E30 NtWriteVirtualMemory, 5_2_03852E30
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852DB0 NtEnumerateKey, 5_2_03852DB0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852D00 NtSetInformationFile, 5_2_03852D00
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852CC0 NtQueryVirtualMemory, 5_2_03852CC0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852CF0 NtOpenProcess, 5_2_03852CF0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03852C00 NtQueryInformationProcess, 5_2_03852C00
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03853090 NtSetValueKey, 5_2_03853090
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03853010 NtOpenDirectoryObject, 5_2_03853010
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03853D10 NtOpenProcessToken, 5_2_03853D10
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03853D70 NtOpenThread, 5_2_03853D70
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03108F40 NtReadFile, 5_2_03108F40
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03108DD0 NtCreateFile, 5_2_03108DD0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03109230 NtAllocateVirtualMemory, 5_2_03109230
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_03109030 NtDeleteFile, 5_2_03109030
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_031090D0 NtClose, 5_2_031090D0
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_036FF901 NtClose, 5_2_036FF901
Source: NjjLYnPSZr.exe Static PE information: No import functions for PE file found
Source: NjjLYnPSZr.exe, 00000000.00000003.1881085129.0000000000F6D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs NjjLYnPSZr.exe
Source: NjjLYnPSZr.exe, 00000000.00000002.1971204229.00000000012C1000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs NjjLYnPSZr.exe
Source: NjjLYnPSZr.exe, 00000000.00000003.1970894978.0000000000934000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs NjjLYnPSZr.exe
Source: NjjLYnPSZr.exe, 00000000.00000003.1879483342.0000000000BFA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs NjjLYnPSZr.exe
Source: NjjLYnPSZr.exe, 00000000.00000003.1970894978.000000000091D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs NjjLYnPSZr.exe
Source: NjjLYnPSZr.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 0.2.NjjLYnPSZr.exe.df0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.3604353824.00000000035A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.3606411027.0000000005500000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.3604571155.0000000003490000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.3604458798.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1971118603.0000000000D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1971533263.0000000001E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.3603288385.00000000030E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: NjjLYnPSZr.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: NjjLYnPSZr.exe Static PE information: Section .text
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/1@13/9
Source: C:\Windows\SysWOW64\compact.exe File created: C:\Users\user\AppData\Local\Temp\s1951-LPl
Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: compact.exe, 00000005.00000002.3603499562.00000000032D9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: NjjLYnPSZr.exe ReversingLabs: Detection: 60%
Source: unknown Process created: C:\Users\user\Desktop\NjjLYnPSZr.exe "C:\Users\user\Desktop\NjjLYnPSZr.exe"
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"
Source: C:\Windows\SysWOW64\compact.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: ieframe.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: mlang.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: winsqlite3.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: vaultcli.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\compact.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\compact.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
Source: C:\Windows\SysWOW64\compact.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
Source: NjjLYnPSZr.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: compact.pdbGCTL source: NjjLYnPSZr.exe, 00000000.00000003.1970894978.000000000091D000.00000004.00000020.00020000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000002.3604055024.0000000001108000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: XFLTednCZUTqje.exe, 00000002.00000000.1894942549.0000000000B6E000.00000002.00000001.01000000.00000005.sdmp, XFLTednCZUTqje.exe, 00000006.00000002.3603415797.0000000000B6E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: wntdll.pdbUGP source: NjjLYnPSZr.exe, 00000000.00000002.1971204229.000000000118E000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1879483342.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1881085129.0000000000E40000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000002.3604665421.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1972841113.0000000003633000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1971132275.0000000003487000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000002.3604665421.000000000397E000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: NjjLYnPSZr.exe, NjjLYnPSZr.exe, 00000000.00000002.1971204229.000000000118E000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000002.1971204229.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1879483342.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp, NjjLYnPSZr.exe, 00000000.00000003.1881085129.0000000000E40000.00000004.00000020.00020000.00000000.sdmp, compact.exe, compact.exe, 00000005.00000002.3604665421.00000000037E0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1972841113.0000000003633000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000003.1971132275.0000000003487000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 00000005.00000002.3604665421.000000000397E000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: compact.pdb source: NjjLYnPSZr.exe, 00000000.00000003.1970894978.000000000091D000.00000004.00000020.00020000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000002.3604055024.0000000001108000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00E080F3 pushfd ; iretd 0_2_00E080F4
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00DF18FB push ebx; iretd 0_2_00DF18FE
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00DFD227 pushfd ; retf 0_2_00DFD22A
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00DF33D0 push eax; ret 0_2_00DF33D2
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00DF531E push ebp; ret 0_2_00DF5337
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00DF8415 push ebp; ret 0_2_00DF8416
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00DF1590 push ebx; iretd 0_2_00DF165C
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00DF165F push ebx; iretd 0_2_00DF165C
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00DF1663 push ebx; iretd 0_2_00DF165C
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00DF1663 push ebx; iretd 0_2_00DF168A
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00DF1786 push ebx; iretd 0_2_00DF1788
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00DF1728 push ebx; iretd 0_2_00DF1759
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010209AD push ecx; mov dword ptr [esp], ecx 0_2_010209B6
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Code function: 2_2_034E6919 push ebp; ret 2_2_034E691A
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Code function: 2_2_034E3822 push ebp; ret 2_2_034E383B
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Code function: 2_2_034EB72B pushfd ; retf 2_2_034EB72E
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Code function: 2_2_034F65F7 pushfd ; iretd 2_2_034F65F8
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_038109AD push ecx; mov dword ptr [esp], ecx 5_2_038109B6
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_030F8401 push edx; ret 5_2_030F8402
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_030F4D20 pushfd ; iretd 5_2_030F4D21
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_030E5042 push ebp; ret 5_2_030E5043
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_030FD714 push esi; retf 5_2_030FD6CB
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_030FD72D pushfd ; iretd 5_2_030FD74F
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_030FD6B4 push esi; retf 5_2_030FD6CB
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_030FD6C0 push esi; retf 5_2_030FD6CB
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_030FD6DF push esi; retf 5_2_030FD6CB
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_030E1F4B push ebp; ret 5_2_030E1F64
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_036FF3AD push esi; ret 5_2_036FF3AE
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_036FC381 pushad ; ret 5_2_036FC382
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_036FA29B push ecx; iretd 5_2_036FA29D
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_036F5761 pushfd ; ret 5_2_036F585F
Source: NjjLYnPSZr.exe Static PE information: section name: .text entropy: 7.995793913523369
Source: C:\Windows\SysWOW64\compact.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D324
Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D7E4
Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D944
Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D504
Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D544
Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE22210154
Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFE2220DA44
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0106096E rdtsc 0_2_0106096E
Source: C:\Windows\SysWOW64\compact.exe Window / User API: threadDelayed 934
Source: C:\Windows\SysWOW64\compact.exe Window / User API: threadDelayed 9039
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe API coverage: 0.7 %
Source: C:\Windows\SysWOW64\compact.exe API coverage: 2.6 %
Source: C:\Windows\SysWOW64\compact.exe TID: 7936 Thread sleep count: 934 > 30
Source: C:\Windows\SysWOW64\compact.exe TID: 7936 Thread sleep time: -1868000s >= -30000s
Source: C:\Windows\SysWOW64\compact.exe TID: 7936 Thread sleep count: 9039 > 30
Source: C:\Windows\SysWOW64\compact.exe TID: 7936 Thread sleep time: -18078000s >= -30000s
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe TID: 7952 Thread sleep time: -60000s >= -30000s
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe TID: 7952 Thread sleep time: -43500s >= -30000s
Source: C:\Windows\SysWOW64\compact.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\compact.exe Code function: 5_2_030FC340 FindFirstFileW,FindNextFileW,FindClose, 5_2_030FC340
Source: compact.exe, 00000005.00000002.3603499562.000000000321D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.2269930168.000001D7E660C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: XFLTednCZUTqje.exe, 00000006.00000002.3604274339.000000000122F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllc
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Process queried: DebugPort
Source: C:\Windows\SysWOW64\compact.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0106096E rdtsc 0_2_0106096E
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_00E07623 LdrLoadDll, 0_2_00E07623
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010CE10E mov eax, dword ptr fs:[00000030h] 0_2_010CE10E
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h] 0_2_010D0274
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h] 0_2_010D0274
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h] 0_2_010D0274
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h] 0_2_010D0274
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h] 0_2_010D0274
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h] 0_2_010D0274
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h] 0_2_010D0274
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010D0274 mov eax, dword ptr fs:[00000030h] 0_2_010D0274
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105E284 mov eax, dword ptr fs:[00000030h] 0_2_0105E284
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105E284 mov eax, dword ptr fs:[00000030h] 0_2_0105E284
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A0283 mov eax, dword ptr fs:[00000030h] 0_2_010A0283
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A0283 mov eax, dword ptr fs:[00000030h] 0_2_010A0283
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A0283 mov eax, dword ptr fs:[00000030h] 0_2_010A0283
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010302A0 mov eax, dword ptr fs:[00000030h] 0_2_010302A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010302A0 mov eax, dword ptr fs:[00000030h] 0_2_010302A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010B62A0 mov eax, dword ptr fs:[00000030h] 0_2_010B62A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010B62A0 mov ecx, dword ptr fs:[00000030h] 0_2_010B62A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010B62A0 mov eax, dword ptr fs:[00000030h] 0_2_010B62A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010B62A0 mov eax, dword ptr fs:[00000030h] 0_2_010B62A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010B62A0 mov eax, dword ptr fs:[00000030h] 0_2_010B62A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010B62A0 mov eax, dword ptr fs:[00000030h] 0_2_010B62A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0102A2C3 mov eax, dword ptr fs:[00000030h] 0_2_0102A2C3
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0102A2C3 mov eax, dword ptr fs:[00000030h] 0_2_0102A2C3
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0102A2C3 mov eax, dword ptr fs:[00000030h] 0_2_0102A2C3
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0102A2C3 mov eax, dword ptr fs:[00000030h] 0_2_0102A2C3
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0102A2C3 mov eax, dword ptr fs:[00000030h] 0_2_0102A2C3
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010302E1 mov eax, dword ptr fs:[00000030h] 0_2_010302E1
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010302E1 mov eax, dword ptr fs:[00000030h] 0_2_010302E1
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010302E1 mov eax, dword ptr fs:[00000030h] 0_2_010302E1
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010B6500 mov eax, dword ptr fs:[00000030h] 0_2_010B6500
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010F4500 mov eax, dword ptr fs:[00000030h] 0_2_010F4500
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010F4500 mov eax, dword ptr fs:[00000030h] 0_2_010F4500
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010F4500 mov eax, dword ptr fs:[00000030h] 0_2_010F4500
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010F4500 mov eax, dword ptr fs:[00000030h] 0_2_010F4500
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010F4500 mov eax, dword ptr fs:[00000030h] 0_2_010F4500
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010F4500 mov eax, dword ptr fs:[00000030h] 0_2_010F4500
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010F4500 mov eax, dword ptr fs:[00000030h] 0_2_010F4500
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030535 mov eax, dword ptr fs:[00000030h] 0_2_01030535
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030535 mov eax, dword ptr fs:[00000030h] 0_2_01030535
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030535 mov eax, dword ptr fs:[00000030h] 0_2_01030535
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030535 mov eax, dword ptr fs:[00000030h] 0_2_01030535
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030535 mov eax, dword ptr fs:[00000030h] 0_2_01030535
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030535 mov eax, dword ptr fs:[00000030h] 0_2_01030535
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104E53E mov eax, dword ptr fs:[00000030h] 0_2_0104E53E
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104E53E mov eax, dword ptr fs:[00000030h] 0_2_0104E53E
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104E53E mov eax, dword ptr fs:[00000030h] 0_2_0104E53E
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104E53E mov eax, dword ptr fs:[00000030h] 0_2_0104E53E
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104E53E mov eax, dword ptr fs:[00000030h] 0_2_0104E53E
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01028550 mov eax, dword ptr fs:[00000030h] 0_2_01028550
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01028550 mov eax, dword ptr fs:[00000030h] 0_2_01028550
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105656A mov eax, dword ptr fs:[00000030h] 0_2_0105656A
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105656A mov eax, dword ptr fs:[00000030h] 0_2_0105656A
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105656A mov eax, dword ptr fs:[00000030h] 0_2_0105656A
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01022582 mov eax, dword ptr fs:[00000030h] 0_2_01022582
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01022582 mov ecx, dword ptr fs:[00000030h] 0_2_01022582
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01054588 mov eax, dword ptr fs:[00000030h] 0_2_01054588
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105E59C mov eax, dword ptr fs:[00000030h] 0_2_0105E59C
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A05A7 mov eax, dword ptr fs:[00000030h] 0_2_010A05A7
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A05A7 mov eax, dword ptr fs:[00000030h] 0_2_010A05A7
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A05A7 mov eax, dword ptr fs:[00000030h] 0_2_010A05A7
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010445B1 mov eax, dword ptr fs:[00000030h] 0_2_010445B1
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010445B1 mov eax, dword ptr fs:[00000030h] 0_2_010445B1
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105E5CF mov eax, dword ptr fs:[00000030h] 0_2_0105E5CF
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105E5CF mov eax, dword ptr fs:[00000030h] 0_2_0105E5CF
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010265D0 mov eax, dword ptr fs:[00000030h] 0_2_010265D0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105A5D0 mov eax, dword ptr fs:[00000030h] 0_2_0105A5D0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105A5D0 mov eax, dword ptr fs:[00000030h] 0_2_0105A5D0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010225E0 mov eax, dword ptr fs:[00000030h] 0_2_010225E0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0104E5E7
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0104E5E7
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0104E5E7
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0104E5E7
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0104E5E7
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0104E5E7
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0104E5E7
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0104E5E7
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105C5ED mov eax, dword ptr fs:[00000030h] 0_2_0105C5ED
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105C5ED mov eax, dword ptr fs:[00000030h] 0_2_0105C5ED
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01058402 mov eax, dword ptr fs:[00000030h] 0_2_01058402
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01058402 mov eax, dword ptr fs:[00000030h] 0_2_01058402
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01058402 mov eax, dword ptr fs:[00000030h] 0_2_01058402
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0101E420 mov eax, dword ptr fs:[00000030h] 0_2_0101E420
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0101E420 mov eax, dword ptr fs:[00000030h] 0_2_0101E420
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0101E420 mov eax, dword ptr fs:[00000030h] 0_2_0101E420
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0101C427 mov eax, dword ptr fs:[00000030h] 0_2_0101C427
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A6420 mov eax, dword ptr fs:[00000030h] 0_2_010A6420
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A6420 mov eax, dword ptr fs:[00000030h] 0_2_010A6420
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A6420 mov eax, dword ptr fs:[00000030h] 0_2_010A6420
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A6420 mov eax, dword ptr fs:[00000030h] 0_2_010A6420
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A6420 mov eax, dword ptr fs:[00000030h] 0_2_010A6420
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A6420 mov eax, dword ptr fs:[00000030h] 0_2_010A6420
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A6420 mov eax, dword ptr fs:[00000030h] 0_2_010A6420
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h] 0_2_0105E443
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h] 0_2_0105E443
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h] 0_2_0105E443
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h] 0_2_0105E443
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h] 0_2_0105E443
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h] 0_2_0105E443
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h] 0_2_0105E443
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105E443 mov eax, dword ptr fs:[00000030h] 0_2_0105E443
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010DA456 mov eax, dword ptr fs:[00000030h] 0_2_010DA456
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0101645D mov eax, dword ptr fs:[00000030h] 0_2_0101645D
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104245A mov eax, dword ptr fs:[00000030h] 0_2_0104245A
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010AC460 mov ecx, dword ptr fs:[00000030h] 0_2_010AC460
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104A470 mov eax, dword ptr fs:[00000030h] 0_2_0104A470
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104A470 mov eax, dword ptr fs:[00000030h] 0_2_0104A470
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0104A470 mov eax, dword ptr fs:[00000030h] 0_2_0104A470
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010DA49A mov eax, dword ptr fs:[00000030h] 0_2_010DA49A
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010264AB mov eax, dword ptr fs:[00000030h] 0_2_010264AB
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010544B0 mov ecx, dword ptr fs:[00000030h] 0_2_010544B0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010AA4B0 mov eax, dword ptr fs:[00000030h] 0_2_010AA4B0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010204E5 mov ecx, dword ptr fs:[00000030h] 0_2_010204E5
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105C700 mov eax, dword ptr fs:[00000030h] 0_2_0105C700
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01020710 mov eax, dword ptr fs:[00000030h] 0_2_01020710
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01050710 mov eax, dword ptr fs:[00000030h] 0_2_01050710
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105C720 mov eax, dword ptr fs:[00000030h] 0_2_0105C720
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105C720 mov eax, dword ptr fs:[00000030h] 0_2_0105C720
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105273C mov eax, dword ptr fs:[00000030h] 0_2_0105273C
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105273C mov ecx, dword ptr fs:[00000030h] 0_2_0105273C
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105273C mov eax, dword ptr fs:[00000030h] 0_2_0105273C
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0109C730 mov eax, dword ptr fs:[00000030h] 0_2_0109C730
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105674D mov esi, dword ptr fs:[00000030h] 0_2_0105674D
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105674D mov eax, dword ptr fs:[00000030h] 0_2_0105674D
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105674D mov eax, dword ptr fs:[00000030h] 0_2_0105674D
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01020750 mov eax, dword ptr fs:[00000030h] 0_2_01020750
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062750 mov eax, dword ptr fs:[00000030h] 0_2_01062750
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062750 mov eax, dword ptr fs:[00000030h] 0_2_01062750
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010AE75D mov eax, dword ptr fs:[00000030h] 0_2_010AE75D
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A4755 mov eax, dword ptr fs:[00000030h] 0_2_010A4755
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01028770 mov eax, dword ptr fs:[00000030h] 0_2_01028770
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030770 mov eax, dword ptr fs:[00000030h] 0_2_01030770
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030770 mov eax, dword ptr fs:[00000030h] 0_2_01030770
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030770 mov eax, dword ptr fs:[00000030h] 0_2_01030770
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030770 mov eax, dword ptr fs:[00000030h] 0_2_01030770
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030770 mov eax, dword ptr fs:[00000030h] 0_2_01030770
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030770 mov eax, dword ptr fs:[00000030h] 0_2_01030770
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030770 mov eax, dword ptr fs:[00000030h] 0_2_01030770
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030770 mov eax, dword ptr fs:[00000030h] 0_2_01030770
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030770 mov eax, dword ptr fs:[00000030h] 0_2_01030770
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030770 mov eax, dword ptr fs:[00000030h] 0_2_01030770
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030770 mov eax, dword ptr fs:[00000030h] 0_2_01030770
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01030770 mov eax, dword ptr fs:[00000030h] 0_2_01030770
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010C678E mov eax, dword ptr fs:[00000030h] 0_2_010C678E
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010207AF mov eax, dword ptr fs:[00000030h] 0_2_010207AF
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010D47A0 mov eax, dword ptr fs:[00000030h] 0_2_010D47A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0102C7C0 mov eax, dword ptr fs:[00000030h] 0_2_0102C7C0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A07C3 mov eax, dword ptr fs:[00000030h] 0_2_010A07C3
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010427ED mov eax, dword ptr fs:[00000030h] 0_2_010427ED
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010427ED mov eax, dword ptr fs:[00000030h] 0_2_010427ED
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010427ED mov eax, dword ptr fs:[00000030h] 0_2_010427ED
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010AE7E1 mov eax, dword ptr fs:[00000030h] 0_2_010AE7E1
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010247FB mov eax, dword ptr fs:[00000030h] 0_2_010247FB
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010247FB mov eax, dword ptr fs:[00000030h] 0_2_010247FB
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0109E609 mov eax, dword ptr fs:[00000030h] 0_2_0109E609
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0103260B mov eax, dword ptr fs:[00000030h] 0_2_0103260B
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0103260B mov eax, dword ptr fs:[00000030h] 0_2_0103260B
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0103260B mov eax, dword ptr fs:[00000030h] 0_2_0103260B
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0103260B mov eax, dword ptr fs:[00000030h] 0_2_0103260B
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0103260B mov eax, dword ptr fs:[00000030h] 0_2_0103260B
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0103260B mov eax, dword ptr fs:[00000030h] 0_2_0103260B
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0103260B mov eax, dword ptr fs:[00000030h] 0_2_0103260B
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01062619 mov eax, dword ptr fs:[00000030h] 0_2_01062619
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0103E627 mov eax, dword ptr fs:[00000030h] 0_2_0103E627
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01056620 mov eax, dword ptr fs:[00000030h] 0_2_01056620
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01058620 mov eax, dword ptr fs:[00000030h] 0_2_01058620
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0102262C mov eax, dword ptr fs:[00000030h] 0_2_0102262C
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0103C640 mov eax, dword ptr fs:[00000030h] 0_2_0103C640
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010E866E mov eax, dword ptr fs:[00000030h] 0_2_010E866E
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010E866E mov eax, dword ptr fs:[00000030h] 0_2_010E866E
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105A660 mov eax, dword ptr fs:[00000030h] 0_2_0105A660
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105A660 mov eax, dword ptr fs:[00000030h] 0_2_0105A660
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01052674 mov eax, dword ptr fs:[00000030h] 0_2_01052674
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01024690 mov eax, dword ptr fs:[00000030h] 0_2_01024690
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01024690 mov eax, dword ptr fs:[00000030h] 0_2_01024690
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105C6A6 mov eax, dword ptr fs:[00000030h] 0_2_0105C6A6
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010566B0 mov eax, dword ptr fs:[00000030h] 0_2_010566B0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105A6C7 mov ebx, dword ptr fs:[00000030h] 0_2_0105A6C7
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0105A6C7 mov eax, dword ptr fs:[00000030h] 0_2_0105A6C7
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0109E6F2 mov eax, dword ptr fs:[00000030h] 0_2_0109E6F2
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0109E6F2 mov eax, dword ptr fs:[00000030h] 0_2_0109E6F2
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0109E6F2 mov eax, dword ptr fs:[00000030h] 0_2_0109E6F2
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0109E6F2 mov eax, dword ptr fs:[00000030h] 0_2_0109E6F2
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A06F1 mov eax, dword ptr fs:[00000030h] 0_2_010A06F1
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A06F1 mov eax, dword ptr fs:[00000030h] 0_2_010A06F1
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0109E908 mov eax, dword ptr fs:[00000030h] 0_2_0109E908
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0109E908 mov eax, dword ptr fs:[00000030h] 0_2_0109E908
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010AC912 mov eax, dword ptr fs:[00000030h] 0_2_010AC912
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01018918 mov eax, dword ptr fs:[00000030h] 0_2_01018918
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01018918 mov eax, dword ptr fs:[00000030h] 0_2_01018918
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A892A mov eax, dword ptr fs:[00000030h] 0_2_010A892A
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010B892B mov eax, dword ptr fs:[00000030h] 0_2_010B892B
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A0946 mov eax, dword ptr fs:[00000030h] 0_2_010A0946
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01046962 mov eax, dword ptr fs:[00000030h] 0_2_01046962
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01046962 mov eax, dword ptr fs:[00000030h] 0_2_01046962
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01046962 mov eax, dword ptr fs:[00000030h] 0_2_01046962
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0106096E mov eax, dword ptr fs:[00000030h] 0_2_0106096E
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0106096E mov edx, dword ptr fs:[00000030h] 0_2_0106096E
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0106096E mov eax, dword ptr fs:[00000030h] 0_2_0106096E
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010C4978 mov eax, dword ptr fs:[00000030h] 0_2_010C4978
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010C4978 mov eax, dword ptr fs:[00000030h] 0_2_010C4978
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010AC97C mov eax, dword ptr fs:[00000030h] 0_2_010AC97C
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010329A0 mov eax, dword ptr fs:[00000030h] 0_2_010329A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010329A0 mov eax, dword ptr fs:[00000030h] 0_2_010329A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010329A0 mov eax, dword ptr fs:[00000030h] 0_2_010329A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010329A0 mov eax, dword ptr fs:[00000030h] 0_2_010329A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010329A0 mov eax, dword ptr fs:[00000030h] 0_2_010329A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010329A0 mov eax, dword ptr fs:[00000030h] 0_2_010329A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010329A0 mov eax, dword ptr fs:[00000030h] 0_2_010329A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010329A0 mov eax, dword ptr fs:[00000030h] 0_2_010329A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010329A0 mov eax, dword ptr fs:[00000030h] 0_2_010329A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010329A0 mov eax, dword ptr fs:[00000030h] 0_2_010329A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010329A0 mov eax, dword ptr fs:[00000030h] 0_2_010329A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010329A0 mov eax, dword ptr fs:[00000030h] 0_2_010329A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010329A0 mov eax, dword ptr fs:[00000030h] 0_2_010329A0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010209AD mov eax, dword ptr fs:[00000030h] 0_2_010209AD
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010209AD mov eax, dword ptr fs:[00000030h] 0_2_010209AD
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A89B3 mov esi, dword ptr fs:[00000030h] 0_2_010A89B3
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A89B3 mov eax, dword ptr fs:[00000030h] 0_2_010A89B3
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010A89B3 mov eax, dword ptr fs:[00000030h] 0_2_010A89B3
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010B69C0 mov eax, dword ptr fs:[00000030h] 0_2_010B69C0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0102A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0102A9D0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0102A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0102A9D0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0102A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0102A9D0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0102A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0102A9D0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0102A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0102A9D0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_0102A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0102A9D0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010549D0 mov eax, dword ptr fs:[00000030h] 0_2_010549D0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010EA9D3 mov eax, dword ptr fs:[00000030h] 0_2_010EA9D3
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010AE9E0 mov eax, dword ptr fs:[00000030h] 0_2_010AE9E0
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010529F9 mov eax, dword ptr fs:[00000030h] 0_2_010529F9
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010529F9 mov eax, dword ptr fs:[00000030h] 0_2_010529F9
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_010AC810 mov eax, dword ptr fs:[00000030h] 0_2_010AC810
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Code function: 0_2_01042835 mov eax, dword ptr fs:[00000030h] 0_2_01042835

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtWriteVirtualMemory: Direct from: 0x76F0490C Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtReadVirtualMemory: Direct from: 0x76F02E8C Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtCreateKey: Direct from: 0x76F02C6C Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtSetInformationThread: Direct from: 0x76F02B4C Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtQueryAttributesFile: Direct from: 0x76F02E6C Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtQuerySystemInformation: Direct from: 0x76F048CC Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtOpenSection: Direct from: 0x76F02E0C Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtSetInformationThread: Direct from: 0x76EF63F9 Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtCreateFile: Direct from: 0x76F02FEC Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtOpenFile: Direct from: 0x76F02DCC Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtQueryInformationToken: Direct from: 0x76F02CAC Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtTerminateThread: Direct from: 0x76F02FCC Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtOpenKeyEx: Direct from: 0x76F02B9C Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtSetInformationProcess: Direct from: 0x76F02C5C Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtNotifyChangeKey: Direct from: 0x76F03C2C Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtCreateMutant: Direct from: 0x76F035CC Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtMapViewOfSection: Direct from: 0x76F02D1C Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtResumeThread: Direct from: 0x76F036AC Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtReadFile: Direct from: 0x76F02ADC Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtQuerySystemInformation: Direct from: 0x76F02DFC Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtDelayExecution: Direct from: 0x76F02DDC Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtQueryInformationProcess: Direct from: 0x76F02C26 Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtResumeThread: Direct from: 0x76F02FBC Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe NtCreateUserProcess: Direct from: 0x76F0371C Jump to behavior
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Section loaded: NULL target: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe protection: execute and read and write Jump to behavior
Source: C:\Users\user\Desktop\NjjLYnPSZr.exe Section loaded: NULL target: C:\Windows\SysWOW64\compact.exe protection: execute and read and write Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe Section loaded: NULL target: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe protection: read write Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe Section loaded: NULL target: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe protection: execute and read and write Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe Thread register set: target process: 8012 Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe Thread APC queued: target process: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Jump to behavior
Source: C:\Program Files (x86)\GgYqMgcqoXPMXvtyiyEZaESyRKxvUmwsKaYTNWNknbnRFLfF\XFLTednCZUTqje.exe Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe" Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe" Jump to behavior
Source: XFLTednCZUTqje.exe, 00000002.00000002.3604301729.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000000.1895438945.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000000.2039209024.00000000016A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: XFLTednCZUTqje.exe, 00000002.00000002.3604301729.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000000.1895438945.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000000.2039209024.00000000016A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: XFLTednCZUTqje.exe, 00000002.00000002.3604301729.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000000.1895438945.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000000.2039209024.00000000016A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: XFLTednCZUTqje.exe, 00000002.00000002.3604301729.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000002.00000000.1895438945.0000000001591000.00000002.00000001.00040000.00000000.sdmp, XFLTednCZUTqje.exe, 00000006.00000000.2039209024.00000000016A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager

Stealing of Sensitive Information

Source: Yara match File source: 0.2.NjjLYnPSZr.exe.df0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000005.00000002.3604353824.00000000035A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.3606411027.0000000005500000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.3604571155.0000000003490000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.3604458798.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1971118603.0000000000D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1971533263.0000000001E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.3603288385.00000000030E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\compact.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Windows\SysWOW64\compact.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ Jump to behavior

Remote Access Functionality

Source: Yara match File source: 0.2.NjjLYnPSZr.exe.df0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000005.00000002.3604353824.00000000035A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.3606411027.0000000005500000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.3604571155.0000000003490000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1971161309.0000000000DF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.3604458798.00000000035F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1971118603.0000000000D60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1971533263.0000000001E70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.3603288385.00000000030E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY